privacy by default

As we previously reported, Covington was selected from thousands of applicants to host a Privacy by Design bootcamp and workshop during last week’s South by Southwest (“SXSW”) Interactive festival, which featured five days of compelling presentations and panels from industry leaders in emerging technology.  SXSW designs workshops in particular to provide in-depth, hands-on education taught by innovative leaders.  To close out our coverage of SXSW, below is a workshop recap for those who couldn’t make it to Austin this year.

OVERVIEW

With the premise that businesses are eager to build privacy considerations into all phases of their activities in this new era of “big data,” our Privacy By Design Bootcamp provided a step-by-step guide to develop and integrate Privacy by Design (“PbD”) into any organization.  The workshop was well-attended, with audience members representing a diversity of sectors, including tech, financial, health, data, security, and academia, allowing for informative discussion spanning several industries.  The workshop started with the history of PbD and then presented examples of real-world PbD, including basic elements of an effective program.  We also walked through specific steps to initiate a successful PbD program, including implementing policies and procedures and examining the data lifecycle.  The outline below addresses some key topics from our Privacy by Design workshop.  If you’re interested in learning more, please contact PbD Bootcamp leaders Libbie Canter and Meena Harris.
Continue Reading Recap of Covington’s Privacy By Design Workshop

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related to the Internet of Things. Its recent Opinion 08/2014 on the Recent Developments on the Internet of Things (the “Opinion”), adopted on September 16, 2014 provides guidance on how the EU legal framework should be applied in this context. The Opinion complements earlier guidance on apps on smart devices (see InsidePrivacy, EU Data Protection Working Party Sets Out App Privacy Recommendations, March 15, 2013).
Continue Reading Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

With the ongoing public dialogue concerning the intersection of technological innovation, national security, and privacy that followed Edward Snowden’s revelations of classified information last year, it is no surprise that privacy and security were top themes at SXSW Interactive this year.  The following summarizes key points made about privacy throughout the Interactive conference, which ended

As we reported last week, MEP Jan Philipp Albrecht, the rapporteur for the lead European Parliament Committee (LIBE) for the proposed EU Data Protection Regulation, has released a controversial report on the Commission’s proposal

There have been several news articles and commentaries in recent days about numerous aspects of the report — including the threat to the U.S.-EU Safe Harbor, the dilution of the “one-stop shop” concept regarding regulators, the re-emphasis on consent and limiting the “legitimate interests” ground for processing data, further restrictions on profiling, etc. — but one troubling aspect of the report has generally not received the attention that it arguably deserves amidst this hubbub: namely, that the report proposes to expand general compliance obligations and “privacy-by-design”/“privacy-by-default” requirements, in particular, to software and hardware manufacturers — regardless of whether they process personal data.Continue Reading EU Data Privacy Rules to Extend to All Software and Hardware Manufacturers — Regardless of Whether They Process Personal Data?