Photo of Kurt Wimmer

Kurt Wimmer is a partner concentrating in privacy, data protection and technology law.  He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies.  Mr. Wimmer is rated in the first tier by Legal 500, designated as a national leader in Chambers USA, and is included in Best Lawyers in America in four categories.  He represents companies and associations on public policy matters before the FTC, FCC, Congress and state attorneys general, as well as in privacy assessments and policies, strategic content ventures, copyright protection and strategy, content liability advice, and international matters.

As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce.  Commerce’s release coincided with the release of a draft adequacy decision by the European Commission.

A number of the Privacy Shield principles, notably in enforcement, onward transfer, and regular review, are significantly more stringent than the Safe Harbor.  In light of these new obligations, among others, privacy professionals should carefully consider whether this data-transfer framework is right for their companies.

  1. Tougher and Binding Remedies and Enforcement

In addition to FTC enforcement under Section 5, the Principles encourage individuals to bring their complaints directly to the organization at issue, to which the signatory must respond within 45 days.  If the complaint is not resolved, the consumer may bring his or her complaint before an independent dispute resolution body.  The Principles allow signatories to utilize U.S.- or EU-based dispute resolution bodies, or a panel of EU member state data protection authorities (DPAs).


Continue Reading Privacy Shield: Top Five Reasons It’s Tougher Than the Safe Harbor, Whether You Should Certify, and Next Steps

Needless to say, the document most of us are reading now is the 209-page General Data Protection Regulation, just agreed upon by the institutions of the European Union.  A few parts are quite a page-turner.  (Parental consent for under-16s to access the Internet? Srsly?)  But even with this scintillating read, we find ourselves reaching for something a bit less, well, dense.

This weekend we can do that without ever leaving the EU-US comparative mindset.  Professors Ken Bamberger and Deirdre Mulligan of the Berkeley Center for Law & Technology have just published a groundbreaking work called Privacy on the Ground: Driving Corporate Behavior in the United States and Europe (MIT Press).  The book, which expands on the authors’ groundbreaking 2011 article, is based on empirical research that focuses not on what the law says in the EU and the U.S., but how privacy is actually practiced under five countries’ laws – the U.S., U.K., Germany, France, and Spain.  In findings that will be surprising and counterintuitive to some of our European colleagues, Ken and Deirdre find that the strongest privacy management practices are found in the United States and Germany.  That’s right – stronger practices in the U.S. than in France, Spain and the U.K.  I’m looking forward to the European reviews!  And to digging into the details.
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s decision represents a victory for LabMD as the first company to successfully challenge an FTC Section 5 data security enforcement proceeding, the ruling may prove short-lived, as staff likely will appeal the case to the full Commission, which will review the decision de novo. Nevertheless, the Commission’s eventual handling of this proceeding could articulate a more precise standard for likely substantial injury that could guide future Section 5 “unfairness” jurisprudence.
Continue Reading Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. This week, we’re up for some digital magazine reading. It’s refreshing when privacy issues burst into the mainstream consciousness, and we have two great examples of that this week — robotics in Foreign Affairs, and the Internet of Things in Politico.
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week.  Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our (somewhat) snowy weekend.

At the top of my list for this weekend is Neil Richards’ new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age.  This book follows up on Neil’s great law review article of the same name, but develops and updates the arguments, examples and use cases.  The subject of the work is the conflict between privacy and free expression, one of the most important issues in our area of law and policy.  Topics such as the “right to be forgotten” place this issue squarely into today’s headlines.  Neil suggests that free speech should win out in the event of a true conflict between the two values, but concludes that true conflicts are exceedingly rare.  It is more likely that privacy should be seen as a precondition for the exercise of free speech — without some assurance that privacy rights will be honored, individuals will not speak freely.  It’s a great premise with which I agree, and one that I look forward to thinking more about.  And if you’re in New York on Monday and can stop by the book launch sponsored by Data & Society, you can ask Neil about it!
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.
Continue Reading New State Privacy Laws Go Into Effect on Jan. 1, 2015

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week.  The past couple of weeks have been a challenging time for the Internet, though, and our thoughts have turned to the darker side of anonymity and privacy.  The scourge of the so-called #GamerGate movement has resulted in stunning threats of violence against women in the gaming community, causing Brianna Wu and Zoe Quinn to leave their homes after a barrage of threats, and media critic Anita Sarkeesian being forced to cancel a public presentation because of a death threat.  Civility online is under siege, and cyberthreats against women seem to be escalating.  Can anything be done?

Fortunately, Maryland law professor Danielle Citron’s new book, Hate Crimes in Cyberspace, has arrived at just the right moment.  Danielle’s work provides a thorough exposition of the problem and clear-minded thinking about potential solutions.  It’s the perfect weekend reading for those, like this writer, who feel a need to find solutions and restore hope in the potential of online discourse.  If you haven’t picked up Danielle’s book yet, there are excellent reviews of it here and here.  It is insightful and thoughtful, and a wonderful contribution to our thinking on these essential issues.
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

After a particularly long work week, curling up with a law-review article can seem a little daunting for weekend reading.  So for this weekend, I’ve been saving up some really promising magazine articles — short, concise, entertaining, and full of terrific information about privacy.  Here are a few ideas that might make for bite-size reading on a nice autumn afternoon:
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now