On June 15, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology had concluded with the group reaching a consensus on a best practices document. As we previously reported, the NTIA announced the multistakeholder process in December 2013 in response to the White House’s February 2012 privacy framework, which directed the NTIA to oversee the development of codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts.
On May 19, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop best practices to address privacy, transparency and accountability issues related to private and commercial use of unmanned aircraft systems (“UAS”) had concluded with the group reaching a consensus on a best practices document. As we previously reported, the NTIA announced in March 2015 the multistakeholder process in response to a Presidential Memorandum issued by the White House in February 2015, which directed NTIA to facilitate discussion between private sector entities to develop standards for commercial UAS use. Continue Reading NTIA Releases Drone Privacy Best Practices
On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. Privacy Shield. These texts include a draft adequacy decision from the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken in the last few years to restore trust in transatlantic data flows.
The agreement in support of the new EU-U.S. transatlantic data transfer framework, known as the EU-U.S. Privacy Shield, was reached on February 2, 2016, between the U.S. Department of Commerce and the European Commission. Once adopted, the adequacy decision will establish that the safeguards provided when transferring personal data pursuant to the new EU-U.S. Privacy Shield are equivalent to the EU data protection standards. In addition, the European Commission has stated that the new framework reflects the requirements that were set forth by the Court of Justice of the European Union (the “CJEU”) in the recent Schrems decision. Continue Reading European Commission Presents EU-U.S. Privacy Shield
On Monday, October 26, 2015, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, gave a speech before the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) on the recent ruling by the Court of Justice of the European Union (the “CJEU”) that invalidated the European Commission’s Safe Harbor Decision. The EU Commissioner welcomed the Article 29 Working Party’s statement and, in particular, its support for a new Safe Harbor framework by January 31, 2016. However, the EU Commissioner called for more clarity in the meantime. Accordingly, she announced that the European Commission will soon issue an explanatory document on the consequences of the CJEU’s ruling to provide guidance for businesses on international data transfers.
In an article published by E-Commerce Law Reports, Hunton & Williams partners Bridget Treacy and Lisa Sotto discuss the Court of Justice of the European Union’s (the “CJEU’s”) recent ruling invalidating the European Commission’s Safe Harbor Decision. Continue Reading Hunton Discusses the Safe Harbor Decision and Provides Next Steps
On July 9, 2015, the National Telecommunications and Information Administration (“NTIA”) announced the launch of its first cybersecurity multistakeholder process, in which representatives from across the security and technology industries will meet in September to discuss vulnerability research disclosure.
On June 16, 2015, the Consumer Federation of America announced in a joint statement with other privacy advocacy groups that they would no longer participate in the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology. The letter was signed by the Center for Democracy & Technology, the Center for Digital Democracy, the Consumer Federation of America, Common Sense Media, the Electronic Frontier Foundation, the American Civil Liberties Union, Consumer Action, Consumer Watchdog and the Center on Privacy & Technology at Georgetown University Law Center. This decision comes after 16 months of meetings and negotiations. In its announcement, the group highlighted its inability to come to an agreement with industry groups on how the issue of consumer consent would be addressed in a code of conduct regarding the use of facial recognition technology. Specifically, the disagreement between consumer and industry groups revolved around the default rule for consumer consent (i.e., whether the default should be opt-in or opt-out consent).
On June 2, 2015, the National Institute of Standards and Technology (“NIST”) issued a press release on its recently published draft report, entitled Privacy Risk Management Framework for Federal Information Systems (the “Report”). The Report describes a privacy risk management framework (“PRMF”) for federal information systems designed to promote “a greater understanding of privacy impacts and the capability to address them in federal information systems through risk management.” The draft PRMF includes a Privacy Risk Assessment Methodology (“PRAM”) consisting of several worksheets for assessing the privacy impact of data actions.
On March 31, 2015, the Electronic Privacy Information Center (“EPIC”) filed a petition (the “Petition”) with the U.S. Court of Appeals for the District of Columbia Circuit accusing the Department of Transportation’s Federal Aviation Administration (“FAA”) of unlawfully failing to include privacy rules in the FAA’s proposed framework of regulations for unmanned aircraft systems (“UAS”), otherwise known as drones. The Petition stems from the FAA’s November 2014 denial of another EPIC petition calling for the FAA to address the threat of privacy and civil liberties associated with the deployment of aerial drones within the U.S.
On April 7, 2015, the FTC announced proposed settlements with TES Franchising, LLC, an organization specializing in business coaching, and American International Mailing, Inc., an alternative mail transporting company, related to charges that the companies falsely claimed they were compliant with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.