Archives: Data Privacy

Subscribe to Data Privacy RSS Feed

German Supervisory Authority (re-)issues guidance on data processing in the employment context

The Supervisory Authority of Baden-Württemberg (“SA”), Germany, has published a new version of its guidance document on data protection issues in the employment context on March 12, 2019 (available here in German). The guidance document specifically addresses issues such as the use of e-mail and IT systems by employees, urine drug tests, personal data collected … Continue Reading

Dutch Supervisory Authority Prohibits “Cookie Walls” under GDPR

On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites.  Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website.  According to the regulator, it received many complaints about this practice. … Continue Reading

Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing

At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws.… Continue Reading

House Subcommittee Holds Initial Hearing On Potential New Privacy Bill

On February 26, 2019, a key House subcommittee held a hearing to explore the possible contours of new federal privacy legislation.  At the hearing, Rep. Jan Schakowsky (D-IL)—who chairs the Energy & Commerce Committee’s Subcommittee on Consumer Protection and Commerce—said the hearing on “Protecting Consumer Privacy in the Era of Big Data” was only the … Continue Reading

GAO Report Calls for Federal Privacy Law

This month, the Government Accountability Office (“GAO”) released a report recommending that Congress consider enacting a federal internet privacy law in the United States.  The 56-page independent report was requested by the House Energy and Commerce Committee, which has scheduled a hearing on data privacy on February 26, during which it plans to discuss the GAO’s … Continue Reading

All-Time Record Year for HIPAA Enforcement

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that 2018 was an all-time record year for Health Insurance Portability and Accountability Act (“HIPAA”) enforcement activity.   Enforcement actions in 2018 resulted in the assessment of  $28.7 million in civil money penalties.  Enforcement activity focused primarily on breaches of electronic protected … Continue Reading

Covington to Host Webinar on Connected and Automated Vehicles

One week from today, Covington will host its first webinar in a series on connected and automated vehicles (“CAVs”). The webinar will take place on February 27 from 12 to 1 p.m. Eastern Time. During the webinar, Covington’s regulatory and legislative experts will cover developments in U.S. law and regulations relating to CAVs. Those topics … Continue Reading

The Court of Justice of the European Union reiterates broad application of the EU Data Protection Law’s journalism exception to online platforms

On January 14, 2019, the Court of Justice of the European Union (“CJEU”) decided that video recordings of police officers in the exercise of their duties and the uploading of such videos on YouTube may constitute “journalistic activities” in the meaning of the journalism exception of the EU Data Protection Directive (“Directive”) (available here). The … Continue Reading

EDPB releases information note in the event of a “No-deal Brexit”

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for … Continue Reading

FTC Decides Not to Modify CAN-SPAM Rule

On February 12, the Federal Trade Commission (“FTC”) announced that, after a review of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) Rule as part of its periodic review of its regulations, it has determined that the Rule does not need to be modified at this time.… Continue Reading

President Trump Signs Executive Order on Artificial Intelligence

Today, President Trump signed an Executive Order (“EO”), “Maintaining American Leadership in Artificial Intelligence,” that launches a coordinated federal government strategy for Artificial Intelligence (the “AI Initiative”).  Among other things, the AI Initiative aims to solidify American leadership in AI by empowering federal agencies to drive breakthroughs in AI research and development (“R&D”) (including by … Continue Reading

Illinois Supreme Court Decides Actual Harm Not Required to Bring Claim Under BIPA

On January 25, 2019, the Illinois Supreme Court published its widely anticipated decision in Rosenbach v. Six Flags Entertainment Corporation et al., addressing the question of what it means to be an “aggrieved” person under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”). Under BIPA, aggrieved persons are entitled to seek … Continue Reading

Federal Magistrate Judge in California Holds that the Fifth Amendment Prohibits Law Enforcement from Forcing People to Unlock Phones with Fingerprints

Last week, a California magistrate judge denied federal prosecutors’ application for a search warrant on the grounds that law enforcement cannot force people to unlock their phones using biometric features, such as fingerprints and facial recognition.… Continue Reading

EU Advocate General: right to be forgotten is limited to EU

On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his opinion regarding a 2016 enforcement action carried out by the French Supervisory Authority (CNIL) against Google.  In that case, the CNIL ordered Google to de-reference links to webpages containing personal data.  According to the CNIL, the … Continue Reading

Federal Court Dismisses Illinois BIPA Suit for Lack of Standing

On December 29, 2018, the Northern District of Illinois dismissed a case brought against Google under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) on standing grounds. Plaintiffs, Lindabeth Rivera and Joseph Weiss, alleged that Google violated BIPA by failing to obtain informed consent from users prior to collecting, storing, and … Continue Reading

California To Hold Public Forums on CCPA Implementation

Starting next week, the California Department of Justice will hold six public forums on how the state should implement its landmark privacy law, the California Consumer Privacy Act (“CCPA”).  Although California enacted the CCPA in June 2018, the state is still in the process of implementing the new legislation, and the public forums “will provide … Continue Reading

Austrian Data Protection Authority Validates Paid Subscription Model as a Viable Alternative to Ad Tracking

On 30 November 2018, the Austrian Data Protection Authority (“DPA”) decided that the website of an online media publisher – which offers users the option to either consent to advertising cookies or pay for a subscription – gives users a free choice that is compatible with the requirements of consent under the GDPR. (The decision … Continue Reading

Democratic Senators Introduce Privacy Bill Seeking to Impose “Fiduciary” Duties on Online Providers

On December 12, 2018, Senator Brian Schatz (D-HI) led a group of fifteen Democratic senators in introducing the “Data Care Act of 2018,” which would impose duties of care, loyalty, and confidentiality on online service providers with respect to processing and securing user data.  The bill would also provide the FTC with rulemaking authority and … Continue Reading

FTC Solicits Public Comment on Identity Theft Detection Rules

On December 4, 2018, the Federal Trade Commission (“FTC”) announced that it is accepting public comments regarding its Identity Theft Detection Rules, 16 C.F.R. Part 681 (the “Rules”), as part of a systematic review of the Commission’s regulations and guidelines. The review of the Rules is particularly noteworthy because identity theft is among the top … Continue Reading

German Courts Decide Whether an Infringement of the GDPR also Qualifies as Unfair-Competitive Behavior

Under the Data Protection Directive (now superseded by the General Data Protection Regulation, “GDPR”), it was disputed whether a violation of the German Data Protection Law transposing the Directive could serve as a basis for anti-competition claims under the German Act Against Unfair Competition (“Gesetz gegen den unlauteren Wettbewerb”, “UWG”).  Since the entry into force … Continue Reading

European Data Protection Board Issues Draft Guidelines on Extra-Territorial Application of the GDPR

On November 23, 2018, the European Data Protection Board (“EDPB”) issued draft Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (“Guidelines”). As per standard procedure, the EDPB has published this first version of the Guidelines to allow for public consultation about its contents over the next several months. At the conclusion of … Continue Reading
LexBlog