It’s shaping up to be a big data weekend, for those of us who try to find some interesting weekend reading away from the crush of the day-to-day schedule. If you’re thinking about Monday’s FTC workshop on the impact of big-data analytics on vulnerable communities, a bit of weekend reading about the intersection between technology
Kurt Wimmer is a partner concentrating in privacy, data protection and technology law. He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies. Mr. Wimmer is rated in the first tier by Legal 500, designated as a national leader in Chambers USA, and is included in Best Lawyers in America in four categories. He represents companies and associations on public policy matters before the FTC, FCC, Congress and state attorneys general, as well as in privacy assessments and policies, strategic content ventures, copyright protection and strategy, content liability advice, and international matters.
In the day-to-day rush of work, it can be tough to find time during the week for interesting reading that invigorates our thinking about privacy. If you’re like us and enjoy lining up a little bit of provocative reading for the weekend, you might think about taking a look here:
- Star Berkeley privacy professor Chris
On 10 June 2013, the UK Information Commissioner’s Office authorized GlaxoSmithKline’s ‘Binding Corporate Rules‘ (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. Covington & Burling’s data privacy and security team, led by London partner Dan Cooper and senior associate Mark Young and including Brussels…
By Chris Higby & Kurt Wimmer
Yesterday, the Federal Trade Commission held a forum on Mobile Security: Potential Threats and Solutions. The forum brought together academics, industry leaders, and security experts to discuss the security problems arising from the rapid adoption of mobile devices.
The first panel, consisting of security experts and researchers, gave a brief overview of mobile malware. They agreed that mobile malware infection rates are generally very low and that most malware accesses private information by using social engineering, rather than by exploiting technical flaws. Looking forward, Dan Guido, CEO of Trail of Bits, viewed the replacement of legitimate applications in app stores with malware versions as the most serious threat.
The second panel, consisting of security representatives from the major mobile operating systems (Microsoft’s Windows Phone, Google’s Android, Mozilla’s Firefox OS, Research In Motion’s BlackBerry, and Apple’s iOS), addressed how mobile platforms are designed with security in mind. Adrian Ludwig of Google advocated the use of install-time permissions, such as those found in Android, as a way to increase transparency to the user. However, both Adrian Stone of Blackberry and Geir Olsen of Microsoft expressed skepticism as to the effectiveness of permissions for the average user. Ludwig also criticized Apple’s approach of restricting users to “curated” app stores as a restriction on user choice.
Yesterday marked the inaugural Privacy Multistakeholder Meeting at the Department of Commerce, hosted by the National Telecommunication & Information Administration (“NTIA”). The meeting brought together representatives of technology companies, advertisers, consumer groups, and other stakeholders for a discussion of mobile application transparency and the process for future discussions and meetings. While the meeting did not bring consensus on either process or goals, it did engender considerable discussion between a large number of participants, both in-person and through the online meeting tool.
Representatives from NTIA worked with an outside facilitator to solicit stakeholder views on 1) potential key elements of a mobile transparency policy and 2) methods that the group might employ to move the conversation forward in the future. The use of the facilitation process itself generated a considerable amount of debate and substantive discussions were often interrupted by questions about or objections to the process.
By the end of the day, the participants had generated a substantial list of items to consider during future meetings and had informally “voted” to express whether they felt the item needed to be addressed early in the process. John Verdi, Director of Privacy Initiatives, stated that the list of ideas and the results of the informal poll would be released next week. Verdi also announced that NTIA would schedule an additional meeting in August, though no specific date was announced.
Law360, the highly respected legal news source covering developments and trends in some two dozen legal practice areas, has named the Covington team as privacy group of the year, one of only five groups so honored among more than 500 surveyed practices. We’re thrilled to be recognized, and thank our clients for bringing us the…
As the Electronic Communications Privacy Act (ECPA) turns 25 years old this week, calls are increasing for an update to bring this aging law into the age of cloud computing. Senators Ron Wyden (D-Ore.) and Mark Kirk (R-Ill.) this week joined with the Digital Due Process Coalition to call for significant revisions of the law…
By Lindsey Tonsager
This morning the FTC released its long anticipated proposed revisions to its rule implementing the Children’s Online Privacy Protection Act (“COPPA”). COPPA governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is under 13. Below is a summary of the highlights. Comments on the proposed revisions are due by November 28, 2011.
The recent decision of the Swiss Federal Tribunal (EDÖB v Google, Trib. Admin. Fed.) against Google Street View has raised new and important questions for many industries, not least for other enterprises that use photography of individuals in countries subject to data protection laws based on the EU model.
In the Google case, the Swiss Court reaffirmed the EU Working Party 29 position that images of people constituted “personal data” because they made individuals distinct and identifiable, and that consequently data protection laws applied. Given the provisions of these laws, the court chided Google for improperly collecting Street View data originally and then subsequently failing to fully anonymize this data before publication. Although the court acknowledged that Google had blurred “up to 95% of faces and license plates” photographed, this remained insufficient. Even when blurred, photos of individuals near “sensitive places” (such as women’s shelters) remained a serious concern for the court.
European views on privacy have, in the past, run headlong into journalistic efforts. Those watching the development of European privacy law under Article 8 of the European Convention will recall the result in a case brought by Princess Caroline of Monaco, who won a landmark ruling in 2004 preventing the German press from publishing photographs of her and her children while in public places — photographs that would be entirely permissible under the laws of the United States and many other countries. But the Swiss case does not appear to add new burdens for journalists.