On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union issued his Opinion on the compatibility of the draft agreement between Canada and the EU on the transfer of passenger name record data with the Charter of Fundamental Rights of the European Union. … Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
Last month, the People’s Republic of China’s administrative departments jointly published the Interim Measures for the Administration of Operation and Services of E-hailing Taxis. E-hailing is an increasingly popular emerging business in China that the Measures seek to regulate. The Measures will come into effect on November 1, 2016.… Continue Reading
Recently, the People’s Republic of China’s Ministry of Public Security, the National Development and Reform Commission and six other administrative departments jointly published the Announcement on Regulating the Administration of the Use of Resident Identity Cards. The Announcement came into effect on July 15, 2016, the date of its issuance.… Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
On July 29, 2016, the Federal Trade Commission announced that it had issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading
On July 5, 2016, China’s Standing Committee of the National People’s Congress published the full second draft of the Cybersecurity Law. The public may file comments on the second draft of the Cybersecurity Law until August 4, 2016.… Continue Reading
On June 28, 2016, the State Internet Information Office of the People’s Republic of China published the Administrative Provisions on Information Services for Mobile Internet Applications (the “App Administrative Provisions”). This is the first regulation that expressly regulates mobile apps in the People’s Republic of China. Before the App Administrative Provisions were published, the P.R.C. … Continue Reading
On June 27, 2016, the Standing Committee of the National People’s Congress of the People's Republic of China held a second reading of the draft Cybersecurity Law. The law is aimed at strengthening the protection and security of key information infrastructure and important data in China.… Continue Reading
On June 25, 2016, the Cyberspace Administration of China published its new Administrative Provisions on Internet Information Search Services. These provisions will come into effect on August 1, 2016.… Continue Reading
On June 17, 2016, the National Privacy Commission of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012, for public consultation. This blog entry provides a summary of the draft guidelines.… Continue Reading
On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading
On June 8, 2016, the Federal Trade Commission announced that Practice Fusion, an electronic health records company, agreed to settle FTC charges that the company misled consumers about the privacy of doctor reviews submitted to the company. … Continue Reading
On May 19, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop best practices to address privacy, transparency and accountability issues related to private and commercial use of unmanned aircraft systems (“UAS”) had concluded with the group reaching a consensus on a best practices document. … Continue Reading
On April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act and the Act on the Promotion of IT Network Use and Information Protection.… Continue Reading
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. … Continue Reading
Recently, U.S. District Judge R. Gary Klausner approved a settlement in Corona v. Sony Pictures Entertainment, Inc. The litigation centered on a data breach involving the stolen personal information of at least 15,000 former and current employees.… Continue Reading
On April 6, 2016, the Federal Trade Commission endorsed the Organization for Economic Cooperation and Development’s updated guidelines on consumer protection in e-commerce. This blog entry provides highlights on the OECD’s new recommendations. … Continue Reading
On March 22, 2016, the Ministry of Commerce of the People’s Republic of China published drafts of its proposed (1) Specifications for Business Services in Mobile E-commerce and (2) Specifications for Business Services in Cross-border E-commerce. Public comments on the drafts will be accepted until May 31, 2016.… Continue Reading
On March 14, 2016, the UK’s Information Commissioner’s Office published a guide, “Preparing for the General Data Protection Regulation (GDPR) – 12 Steps to Take Now.” The guide sets out a number of points that should inform organizations’ data privacy and governance programs ahead of the anticipated mid-2018 entry into force of the GDPR. … Continue Reading
On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading
On February 25, 2016, the Court of Justice of the European Union heard arguments on whether or not IP addresses constitute personal data and therefore cannot be stored beyond what is necessary to provide an Internet service.… Continue Reading
