National Telecommunications and Information Administration

The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP recently submitted formal comments to the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) in response to its request for public comments on developing the administration’s approach to consumer privacy.

Continue Reading CIPL Responds to NTIA Request for Comment on Developing the Administration’s Approach to Consumer Privacy

On November 9, 2018, the European Commission (“the Commission”) submitted comments to the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) in response to its request for public comments on developing the administration’s approach to consumer privacy. Continue Reading EU Commission Responds to NTIA Request for Comment on Developing the Administration’s Approach to Consumer Privacy

On September 26, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that it is seeking public comments on a proposed approach to advancing consumer privacy. The approach is divided into two parts: (1) a set of desired user-centric privacy outcomes of organizational practices, including transparency, control, reasonable minimization (of data collection, storage length, use and sharing), security, access and correction, risk management and accountability; and (2) a set of high-level goals that describe the outlines of the ecosystem that should be created to provide those protections, including harmonizing the regulatory landscape, balancing legal clarity and the flexibility to innovate, ensuring comprehensive application, employing a risk and outcome-based approach, creating mechanisms for interoperability with international norms and frameworks, incentivizing privacy research, ensuring that the Federal Trade Commission has the resources and authority to enforce, and ensuring scalability. Continue Reading NTIA Seeks Public Comment on Approach to Consumer Privacy with an Eye Toward Building Better Privacy Protections

On June 15, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology had concluded with the group reaching a consensus on a best practices document. As we previously reported, the NTIA announced the multistakeholder process in December 2013 in response to the White House’s February 2012 privacy framework, which directed the NTIA to oversee the development of codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts.

Continue Reading NTIA Releases Facial Recognition Technology Best Practices

On May 19, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop best practices to address privacy, transparency and accountability issues related to private and commercial use of unmanned aircraft systems (“UAS”) had concluded with the group reaching a consensus on a best practices document. As we previously reported, the NTIA announced in March 2015 the multistakeholder process in response to a Presidential Memorandum issued by the White House in February 2015, which directed NTIA to facilitate discussion between private sector entities to develop standards for commercial UAS use. Continue Reading NTIA Releases Drone Privacy Best Practices

As we previously reported, the Federal Aviation Administration’s (“FAA’s”) proposed “small drone rule” nears completion of the interagency review process, but one potential stumbling block has been removed, at least for now. On Tuesday, May 10, 2016, the U.S. Court of Appeals for the D.C. Circuit denied a request by the Electronic Privacy Information Center (“EPIC”) to review the FAA’s decision not to include privacy provisions in its Notice of Proposed Rulemaking for the Operation and Certification of Small Unmanned Aircraft Systems (“NPRM”), as well as its denial of an EPIC petition to the same effect. The court decided that there were no reasonable grounds for EPIC’s delay in filing for review of the FAA’s denial of EPIC’s 2012 petition that sought to cause the FAA to promulgate privacy regulations pertaining to drones. The court further concluded that EPIC’s challenge to the NPRM itself is premature, as the rule is not yet final. Continue Reading Privacy Provisions Not Included in Small Drone Rule

Earlier this month, the Payment Card Industry Security Standards Council (“PCI SSC”) published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard (“PCI DSS”) effectively and on a continuing basis. The payment card brands and acquirers will determine which organizations are required to undergo a compliance assessment with respect to these supplemental validation requirements, which are entitled the PCI DSS Designated Entities Supplemental Validation (“DESV”).

Continue Reading PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

On June 16, 2015, the Consumer Federation of America announced in a joint statement with other privacy advocacy groups that they would no longer participate in the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology. The letter was signed by the Center for Democracy & Technology, the Center for Digital Democracy, the Consumer Federation of America, Common Sense Media, the Electronic Frontier Foundation, the American Civil Liberties Union, Consumer Action, Consumer Watchdog and the Center on Privacy & Technology at Georgetown University Law Center. This decision comes after 16 months of meetings and negotiations. In its announcement, the group highlighted its inability to come to an agreement with industry groups on how the issue of consumer consent would be addressed in a code of conduct regarding the use of facial recognition technology. Specifically, the disagreement between consumer and industry groups revolved around the default rule for consumer consent (i.e., whether the default should be opt-in or opt-out consent).

Continue Reading Consumer Groups Drop Out of NTIA Multistakeholder Process Regarding the Commercial Use of Facial Recognition Technology

On March 31, 2015, the Electronic Privacy Information Center (“EPIC”) filed a petition (the “Petition”) with the U.S. Court of Appeals for the District of Columbia Circuit accusing the Department of Transportation’s Federal Aviation Administration (“FAA”) of unlawfully failing to include privacy rules in the FAA’s proposed framework of regulations for unmanned aircraft systems (“UAS”), otherwise known as drones. The Petition stems from the FAA’s November 2014 denial of another EPIC petition calling for the FAA to address the threat of privacy and civil liberties associated with the deployment of aerial drones within the U.S.

Continue Reading Privacy Group Requests D.C. Circuit Review Regarding Lack of Privacy Rules in the FAA’s Proposed Drone Regulations