Select Page

Author: Hogan Lovells International LLP

Article 29 Working Party Sets Deadline to Address Privacy Shield Concerns

Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report on the matter. The summary of findings by the Working Party, which draws from both written submissions and oral contributions, begins by commending U.S. authorities for their efforts in establishing a procedural framework to support the operation of Privacy Shield but quickly shifts to the Working Party’s concerns. Should the concerns not be addressed by the time of the second joint review, the...

Read More

Russia Partially Releases 2018 Data Privacy Inspection Plans

Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies. Within such inspections, Roskomnadzor assesses the compliance of the entity with Russian regulations on personal data (consents, policies, decrees, cross-border data transfers, data localization requirement, technical measures, etc.). Companies operating in Russia can check the inspection plans in their respective regions (Central, North-West, Uralian, Siberian) to determine whether they or their affiliates...

Read More

FCC Privacy Rules Break New Ground

The Federal Communication Commission’s (FCC) long-awaited – and much debated – privacy rules for Internet Service Providers (ISPs) have now been adopted.  The agency approved the rules by a 3-2 vote along political party lines last Thursday. Several of the FCC requirements are particularly notable for being more restrictive than the Federal Trade Commission’s (FTC) standards for consumer online privacy.  In this post we provide an overview of some of the new FCC rules and highlight key areas where the FCC’s requirements diverge from the FTC’s framework. Requirements for ISPs Although the full text of the FCC’s decision has not yet been released, an agency fact sheet provides details on some of the key requirements: Transparency.  The rules require that ISPs, whether they offer mobile broadband or fixed broadband services, to: (1) notify customers about what types of information the ISP collects about customers; (2) specify how and for what purposes the ISP uses and shares this information; and (3) identify the types of entities with which the ISP shares this information. Consumer Choice.  ISPs must obtain opt-in consent to use and share “sensitive information” such as precise geolocation information, web browsing history, app usage history, the content of communications, and health information.  ISPs must also provide consumers an ability to opt out of the use and sharing of non-sensitive information.  Certain exceptions to these consent standards are provided,...

Read More

Congress Looking at Potential Energy-Sector Cybersecurity and Privacy Reform

Energy-sector cybersecurity and privacy is generating significant attention of late. Last month, the Federal Energy Regulatory Commission issued a final rule creating new standards for the cybersecurity of the electric grid. FERC followed this issuance with a report on electrical grid recovery and restoration planning that makes a number of recommendations for improved cyber-incident response and recovery plans. In parallel, the U.S. Congress is working on a variety of measures to combat perceived cybersecurity and privacy threats related to the powergrid. The failure of the powergrid in Ukraine due to security breaches; reports of ISIS and other foreign threats...

Read More

European Multi-Stakeholder Group Releases Connected Vehicles Report

Connected cars can generate large volumes of data, including data on engine performance, location, and driver behaviour. The European Commission has convened multi-stakeholder groups to figure out how to organize access to that data in a safe, competitively neutral, and privacy-friendly way. Two recent reports shed light on the principles under consideration for data sharing infrastructures in the EU. And legislative and regulatory developments in the EU will likely have a substantial impact on connected car deployments. In the EU, policy conversations about connected cars take place in five different contexts: in the data protection context (the forthcoming General Data...

Read More

International Data Transfers – The Uncertainty Continues

Following the announcement by the European Commission of the newly agreed EU-US Privacy Shield, the missing piece of the jigsaw was the Article 29 Working Party’s stance on the adequacy of the existing mechanisms in place—in particular, standard contractual clauses and binding corporate rules (BCR).  So after two days of intense discussions, the Working Party has issued a statement with its latest position, which is the follow up to their original reaction to the invalidation of Safe Harbor last October.  The bottom line: the Working Party still does not view US government surveillance laws as sufficiently protective of privacy—a...

Read More

The European Court of Human Rights Decides that Accessing an Employee’s Work IM Account Did Not Breach His Privacy Rights

To what extent are the personal communications sent by an employee from their employer’s computer private? In Europe it has been accepted for some years that employees do not lose their right to privacy in the workplace. However a recent decision from the European Court of Human Rights (ECHR) confirms the rights of the employer to restrict employees from any personal use of the employer’s computer equipment and, consequently, rely on a contravention of the restriction (which is revealed through monitoring) as grounds for dismissal. What were the facts? The claimant in Barbulescu v Romania worked for a private...

Read More
  • 1
  • 2