Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Regulation

Subscribe to Privacy Regulation RSS Feed

Commission Press Release and FTC Fact Sheet outlines the new EU-US “Privacy Shield”

Posted in European Court of Justice, European Union, Privacy Regulation, Privacy Shield, Safe Harbor

Update: The US Commerce Department has released a “fact sheet” on the new Privacy Shield agreement.   The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.”  The new accord still needs to be reviewed by the Article 29 Working… Continue Reading

Running Aground in the Surveillance Safe Harbor – Podcast Available

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Privacy Regulation, Safe Harbor

If you would like to learn more about the politics and law behind the current Safe Harbor 2.0 negotiations, download the podcast of Running Aground in the Surveillance Safe Harbor, a teleforum hosted by the Federalist Society.  The podcast features moderator Matthew R.A. Heiman, Vice President, Chief Compliance & Audit Officer, Tyco International; Stewart A. Baker, Partner, Steptoe &… Continue Reading

(So) What if there’s no Safe Harbor 2.0?

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US.  But if it doesn’t happen, the US is actually not any worse… Continue Reading

Ringing Off The Hook: TCPA Issues Still At Forefront As Calendar Turns To 2016

Posted in Class Action Litigation, Federal Communications Commission, Privacy Regulation, US Supreme Court

We may only be three weeks into 2016, but the Telephone Consumer Protection Act (“TCPA”) has already received a considerable amount of attention this year. Yesterday, the U.S. Supreme Court determined in Campbell-Ewald Co. v. Gomez, that a defendant could not cut off a TCPA class action lawsuit by making an offer of settlement to the… Continue Reading

Cybersecurity Tops SEC Office of Compliance Inspections 2016 Examination Priorities

Posted in Cybersecurity, Data Breach, Privacy Regulation, Securities & Exchange Commission

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads’ up to covered entities as to what compliance issues will take front and center this year.  Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top… Continue Reading

Happy New Year – Cybersecurity Information Sharing Act

Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized

  Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama at right before Christmas.  The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

Industry Groups to DC Court: Hang Up on FCC Expanded TCPA Rules

Posted in Federal Communications Commission, Privacy Regulation

Written by Paul Abbott Industry groups representing a diverse range of companies in the retail, technology, financial, and utility industries filed eight amicus briefs last week in the D.C. Circuit supporting challenges to the Federal Communications Commission’s (“FCC”) recently adopted order that expanded the agency’s rules under the Telephone Consumer Protection Act (“TCPA”). The amicus… Continue Reading

EU Round-UP: Safe Harbor 2.0 and Upcoming National Challenges

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Safe Harbor

EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a new Safe Harbor program. Jourova noted that the collection and use of European personal data for US national security purposes… Continue Reading

Safe Harbor Invalidated – What’s Next on the Chopping Block?

Posted in Data Compliance & Security, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Safe Harbor, Social Media

  As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid.  The full decision is now available online  in English here (other languages also available at curia.europa.eu by searching on C-362/14). There are two key elements of the ECJ’s decision.  The first is that national data protection… Continue Reading

EU Top Court Invalidates Safe Harbor and Sends Facebook Case Back to Irish Data Protection Authority

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Privacy Regulation, Safe Harbor, Social Media

UPDATE: Here’s a link to the English-language version of the ECJ’s full decision: Schrems Safe Harbor Decision A press release issued by the Court of Justice of the EU (ECJ) regarding its decision in the Schrems Safe Harbor case (C-362/14) confirms that the ECJ has declared Safe Harbor invalid.  The ECJ has sent the case back… Continue Reading

Back to School – and the SEC Cybersecurity Exams (Register now for our September Privacy Webinar!)

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Privacy Regulation

It’s back to school time – time to put away the flip flops and beach chairs and settle back into the routine.   To help motivate you, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has announced a new round of cybersecurity examinations!   This comes on the heels of the… Continue Reading

Thinking Big about Data – the new EDPS Ethics Board

Posted in EDPS, EU Data Protection Regulation, European Union, Privacy Regulation

  Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of  personal data in the “big data” economy.  (See press release and full opinion links here.)  The EDPS is particularly concerned… Continue Reading

FCC Ruling Addresses Robocalls by Health Care Providers

Posted in Privacy Regulation, Uncategorized

Written by Jordan Cohen As we discussed in last week’s Privacy Monday, the Federal Communications Commission (FCC) recently released its Declaratory Ruling and Order clarifying and expanding the reach of the Telephone Consumer Protection Act (TCPA).  While the ruling is broad in its subject matter, part of the ruling specifically addresses so-called “robocalls” made by health care providers…. Continue Reading

Recognizable Faces Disappear from Facial Recognition Meetings

Posted in Data Compliance & Security, Privacy Regulation

    Facing “industry stakeholders [that] were unable to agree on any concrete scenario” in which affirmative consent should be obtained from individuals before employing facial recognition technologies, nine consumer advocacy organizations made an about-face and withdrew from the multistakeholder process coordinated by the National Telecommunications and Information Administration (“NTIA”). These organizations, which include the… Continue Reading

New Hampshire Establishes Privacy Protections for Student Online Personal Information

Posted in Children, Data Compliance & Security, Privacy Regulation, Security

California again has provided a model of privacy legislation for other states to follow.  New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information. Who is covered by the Bill? Modeled after California’s Student Online Personal Information… Continue Reading

NAIC Adopts Cybersecurity Regulatory Principles – What’s Important to the Regulators

Posted in Cybersecurity, Privacy Regulation, Security

File this under: A View Into What the Regulators Deem Important.  The National Association of Insurance Commissioners (NAIC), the standard-setting organization in the U.S. insurance industry created and governed by the chief insurance regulators from the 50 states, the District of Columbia, and five U.S. territories, recently published its “Principles for Effective Cybersecurity: Insurance Regulatory… Continue Reading

Privacy Monday – April 27, 2015

Posted in Cybersecurity, Events and Webinars, Privacy Monday, Privacy Regulation

Some privacy & security bits and bytes to start your week: FCC to Hold Public Workshop on Broadband Consumer Privacy Tomorrow Over the last several months, the Federal Communications Commission has taken on a significantly expanded role on consumer privacy protection issues. Between the FCC’s expanded notion of the type of personal information subject to… Continue Reading

FCC Chairman Tom Wheeler Speaks about Cybersecurity at RSA Conference

Posted in Cybersecurity, Legislation, Privacy Regulation, Security

As cyber week continues in Washington, Federal Communications Commission Chairman Tom Wheeler traveled to the west coast to speak about cybersecurity at the RSA Conference in San Francisco.  Wheeler noted that the FCC has several charges to protect against cyber-attacks and similar threats, including the agency’s responsibility to protect the safety of communications networks generally,… Continue Reading

It’s Cyber Week in Washington, DC — and RSA Conference Week in San Francisco

Posted in Cybersecurity, Legislation, Privacy Regulation

Security is on the agenda from coast to coast this week. Cybersecurity information sharing legislation will hit the House floor this week.  H.R. 1731, the National Cybersecurity Protection Advancement Act was reported out of the House Committee on Homeland Security on April 17, and H.R. 1560, the Protecting Cyber Networks Act was moved by the… Continue Reading

WEBINAR: Compliance with EU Data Protection Laws for US Companies

Posted in EU Data Protection Regulation, Events and Webinars, Privacy Regulation

Register now for the fourth installment in our monthly 2015 Privacy Wednesday webinar series, coming up next Wednesday, April 29th at 1:00 pm ET.   Susan Foster, a CIPP/E in Mintz’s London office, will consider issues faced by US companies who do business in Europe or simply interact with European customers.  We will look at how to… Continue Reading

UPDATE: FTC Plans Review of YouTube Kids App

Posted in Children, Federal Trade Commission, Privacy Regulation

As we predicted in our post late last month, Google’s YouTube Kids app has attracted more than just the “curious little minds” Google was hoping for.  Yesterday, a group of privacy and children’s rights advocates (including the Center for Digital Democracy and the American Academy of Child and Adolescent Psychiatry) asked the Federal Trade Commission… Continue Reading

The FCC and the Uncertain Future of Privacy Oversight for Internet Service Providers

Posted in Federal Trade Commission, Privacy Regulation

The Federal Communications Commission’s (“FCC”) net neutrality proceeding culminated this month with the release of an Order reclassifying broadband Internet access service as a common carrier Telecommunications Service subject to regulation under Title II of the Communications Act. Previously, the FCC classified broadband service as a lightly regulated Title I Information Service, while Title II… Continue Reading