Inside Privacy

Subscribe to all posts by Inside Privacy

NIST Begins Developing a Voluntary Online Privacy Framework

The Department of Commerce’s National Institute of Standards and Technology (“NIST”) announced in early September intention to create a Privacy Framework.  This Privacy Framework would provide voluntary guidelines that assist organizations in managing privacy risks.  The NIST announcement recognized that the Privacy Framework is timely because disruptive technologies, such as artificial intelligence and the internet … Continue Reading

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

By Grace Kim and Siobhan Kahmann Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on October 14, 2018. This was developed by … Continue Reading

Senate Discusses a Federal Privacy Law with Privacy Experts: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act

On October 10, the Senate Committee on Commerce, Science, and Transportation held second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy; Laura Moy, executive director of the Georgetown … Continue Reading

UK “No-Deal Brexit” Technical Notice Sets Out Plans on EU – UK Data Flows

By Grace Kim and Ezra Steinhardt On September 13, 2018, the UK government published a series of technical notices on how to prepare for a scenario in which the UK leaves the EU without agreement on March 29, 2019 (“no-deal Brexit”).  The government stressed that a no-deal Brexit “remains unlikely given the mutual interests of … Continue Reading

French Supervisory Authority Issues 2 GDPR Warnings

By Kristof Van Quathem and Anna Sophia Oberschelp de Meneses  Exactly one month after the GDPR started applying, the French Supervisory Authority (“CNIL”) issued a formal warning to two companies in relation to their processing of localization data for targeted advertising (see here).  The CNIL found that the consent on which both companies relied did … Continue Reading

FCC Seeking Comment on Key TCPA Reform Issues in Wake of DC Circuit Ruling

By Melanie Ramey Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court … Continue Reading

Virginia Supreme Court Holds that Police License Plate Readers Collect Personal Information

The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour.  Officers check these numbers … Continue Reading

Mobile Phone Manufacturer Settles with FTC Over Allegations that Its Vendor Collected Personal Data without Consent

By Melanie Ramey Mobile phone manufacturer BLU Products, Inc. entered into a settlement agreement with the FTC last week to resolve allegations that one of BLU’s China-based vendors collected personal information about its consumers without proper consent. The settlement agreement, which took the form of a consent order, applies not only to BLU but also … Continue Reading

Senate Democrats Propose CONSENT Act

By Alyson Sandler On April 10, Senators Richard Blumenthal (D-CT) and Ed Markey (D-MA) introduced new privacy legislation titled the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.  In a statement published on his website, Senator Markey referred to the legislation as a “privacy bill of rights” and explained that “[t]he avalanche of … Continue Reading

Covington’s Jetty Tielemans Receives IAPP’s Highest Honor

Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry’s top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information privacy community. Each year, the IAPP names … Continue Reading

D.C. Circuit Rejects Portions of FCC Decision Interpreting Key TCPA Terms

The U.S. Court of Appeals for the D.C. Circuit on Friday issued a long-awaited ruling in a lawsuit challenging the Federal Communications Commission’s interpretations of key terms under the Telephone Consumer Protection Act of 1991 (“TCPA”), holding that the FCC in 2015 had adopted an unreasonably broad definition of the type of calling equipment subject … Continue Reading

Overlap Between the GDPR and PSD2

By Bruce Bennett, Carlo Kostka, Charlotte Hill, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly … Continue Reading

SEC Adopts New Guidance on Public Company Cybersecurity Disclosures and Insider Trading

Earlier today, our colleagues David Engvall, Keir Gumbs, Reid Hooper, and Matthew Wood in the Securities and Capital Markets practice group posted the below article on the SEC’s new statement and interpretive guidance on public company cybersecurity disclosures and insider trading on the Cov Financial Services blog.  The original article can be read here. On … Continue Reading

California Bill Would Mandate Expedient Software Updates for Credit Bureaus

Following the Equifax data breach in 2017, there has been heightened awareness surrounding how credit reporting agencies handle consumers’ personal information. At the same time, recent high-profile attacks, such as the “WannaCry” ransomware attacks, have focused media and regulatory attention on vulnerabilities associated with unpatched systems. In response to these two concerns, on January 10, … Continue Reading

House Passes Cyber Vulnerability Disclosure Reporting Act

On January 9, the House of Representatives passed the Cyber Vulnerability Disclosure Reporting Act by voice vote.  The Act directs the Secretary of the U.S. Department of Homeland Security (“DHS”) to prepare a report describing the policies and procedures that DHS developed to coordinate the cyber vulnerability disclosures.  Under the Homeland Security Act of 2002 … Continue Reading

Digital Health Checkup: Key Questions to Consider in the Digital Health Sector

Covington’s global cross-practice Digital Health team has posted an illuminating three-part series on the Covington Digital Health blog that covers key questions entities should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. In the first part of the series, the Digital Health team answers key regulatory questions … Continue Reading

NIST Releases Updated Draft of Cybersecurity Framework

On December 5, 2017, the National Institute of Standards and Technology (“NIST”) announced the publication of a second draft of a proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”), Version 1.1, Draft 2. NIST has also published an updated draft Roadmap to the Cybersecurity Framework, which “details public and private sector … Continue Reading

The Supreme Court Arguments in Carpenter Show that It May Be Time to Redefine the “Third-Party Doctrine”

On Wednesday, the Supreme Court heard oral arguments in Carpenter v.  U. S., a case that involved the collection of 127 days of Petitioner Thomas Carpenter’s cell site location information as part of an investigation into several armed robberies.  We attended the argument to gain any insights into how the Supreme Court may resolve this … Continue Reading

Information Technology Industry Council Releases Artificial Intelligence Principles Calling for Industry Responsibility, Flexible and Supportive Government Policies, and Cross-Sector Collaboration

On October 24, the Information Technology Industry Council (ITI) released a set of policy principles to guide the technology industry and governments in their approach to artificial intelligence (AI). The organization—which includes Amazon, Apple, Facebook, Google, Intel, and Microsoft—intends for its guidelines to help AI meet its potential to solve important problems while minimizing any … Continue Reading

Deputy Attorney General Rod Rosenstein Warns Against Warrant-Proof Encryption

In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests.  As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus … Continue Reading

Validity of EU Standard Contractual Clauses Referred to CJEU

By Joseph Jones and Ruth Scoles Mitchell On October 3, 2017, the Irish High Court referred Data Protection Commissioner v Facebook Ireland Limited [2016 No. 4809 P.] to the Court of Justice of the European Union (“CJEU”).  The case, commonly referred to as Schrems II, is based on a complaint by Max Schrems concerning the transfer … Continue Reading

Kicking Off Cybersecurity Awareness Month

As Covington kicks off Cybersecurity Awareness Month with a series of weekly articles, preventative tips, and Q&As developed by our cybersecurity practice professionals, it’s worth recollecting how much our cybersecurity landscape has changed over the last twenty-plus years, and how the law has responded to these evolving challenges. Although the late 1990s saw the first … Continue Reading
LexBlog