Joint statement of the European Data Protection Authorities Assembled in the Article29 working party
The European Data Governance Forum, Tuesday, December 09, 2014
Because of its common history and culture,Europe must make its voice heard in terms of ensuring that fundamental rights,including the rights to privacy and data protection, are respected without obstructing innovation or the need to ensure security in our society. In this context, the independent Data Protection Authorities assembled in the EUArticle 29 Working Party (WP29) want to deliver several key messages on how to address this global challenge. Therefore, the Article 29 Working Party, on its plenary meeting of 25 November 2014, has adopted the following declaration...
Natasha Lomas, Tech Crunch, Tuesday, December 09, 2014
A spokesman for the ICO told TechCrunch it is interested in the case because it raises issues about the jurisdiction for serving civil claims on foreign companies. He said the specific question of interest here is: when Google is processing personal information in the U.K. at what point is it covered by U.K. law and when might that data processing be considered to be outside U.K. law. The ICO has submitted written evidence to the High Court to provide clarification about what is classed as personal data, under the U.K.’s Data Protection Act, and on when personal data processing is taking place.
Allison Grande, Law 360, Tuesday, December 09, 2014
Google Inc. confirmed last week that it is developing versions of YouTube and other popular sites that will be directed specifically to children under 13, a move that attorneys say will be laden with privacy pitfalls, including increased scrutiny by the Federal Trade Commission and state regulators.
Sam Schechner, WSJ Digits, Monday, December 08, 2014
Speaking Monday at a conference in Paris organized by France’s data-protection agency, Mr. Valls said that France supports a tough new data-protection regulation currently being debated at a European level. The new regulation, which has been under consideration for years, is making progress toward a possible adoption next year. “We cannot let personal data-harvesting and exploitation develop in the absence of all rules,” Mr. Valls said. “Democratic values must prevail in the digital world. The law must apply.”
Mark Scott, New York Times, Monday, December 08, 2014
European Union policy makers are demanding greater controls over how companies like Google and Facebook use personal information. At the same time, others would like to use those same laws to help European companies compete against their American rivals as a way to jump-start a sluggish economy.
John Simpson, Consumer Watchdog, Friday, December 05, 2014
Recent action by the 28 privacy regulators in Europe is focusing new attention on the so-called “right to be forgotten.” The right is the topic this week at U.S. News and World Report’s Debate Club where I make the case that the right simply brings into the Digital Age the protections of privacy by obscurity.
Samuel Gibbs, The Guardian, Friday, November 28, 2014
The pan-European data regulator group Article 29 has issued new opinion on how websites and advertisers can track users and the permissions they require. The new opinion dictates that “device fingerprinting” – a process of silently collecting information about a user – requires the same level of consent as cookies that are used to track users across the internet. “Parties who wish to process device fingerprints which are generated through the gaining of access to, or the storing of, information on the user’s terminal device must first obtain the valid consent of the user (unless an exemption applies),” the Article 29 Working Party wrote.
Jonathan Brandon, Business Cloud News, Thursday, November 20, 2014
The USA Freedom Act, which was proposed in a bid to end mass surveillance and give more transparency and oversight to how digital communications are monitored by the US intelligence community, died on the floor of the US Senate this week, falling just two votes shy of the 60 votes it needed to pass. Some analysts believe the result will stoke further debate around Safe Harbour and other data sharing agreements with the US.
Monday, November 17, 2014
At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.
Ajay Patel, SmartData Collective, Monday, November 17, 2014
Sovereignty isn’t usually the first word that comes to mind when thinking about data. With all the recent data fiascos, privacy is what’s at the forefront of most consumers’ minds. But data sovereignty relates to data privacy, and businesses need to understand this concept when choosing where they store their digital information. Unfortunately, the laws and regulations protecting digital information can be extremely complex. They are dependent on different governments and jurisdictions, and data stored in certain countries may or may not be subject to subpoena by another country’s government (or even the host country’s government).