Department of Commerce

Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union decision in the Schrems case declaring the Safe Harbor invalid, see our earlier post here).  The EU’s College of Commissioners has also mandated Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement.
Continue Reading Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

The National Telecommunications & Information Administration (“NTIA”) announced today that it will convene a series of meetings about the commercial uses of facial recognition technology.  The goal of the meetings will be to develop a voluntary, enforceable code of conduct specifying how the Obama Administration’s “Consumer Privacy Bill of Rights” applies to facial

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework  of standards, methodologies, and processes for addressing cybersecurity risk.  It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of the Cybersecurity Framework by critical

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of  critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Executive Order follows legislative efforts in the last Congress to pass comprehensive cybersecurity bills.  After the Cybersecurity Act of 2012 (S. 3414) failed to pass in August 2012, Deputy National Security Adviser John Brennan mentioned in an appearance at the Council on Foreign Relations that the President was considering issuing an Executive Order to implement portions of the cybersecurity legislation.  In the subsequent months, the White House sought industry input on the Order.

The Order has two main components: increasing information sharing from the government to the private sector and establishing a Cybersecurity Framework to buttress the security of critical infrastructure. Continue Reading President Obama Issues Cybersecurity Executive Order

Recently, the National Institute of Standards and Technology (NIST) announced over $9 million in grants to five U.S. entities to develop technologies to “pilot identity solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information.”  Funded projects will address issues including commerce,

As noted in our coverage of the inaugural Privacy Multistakeholder Meeting, NTIA promised to release meeting notes and the results of informal polls taken during the meeting.  This information is now available on NTIA’s website, and includes notes in document format and images of the flipcharts used during the meeting.

Additionally, NTIA has

Yesterday marked the inaugural Privacy Multistakeholder Meeting at the Department of Commerce, hosted by the National Telecommunication & Information Administration (“NTIA”).  The meeting brought together representatives of technology companies, advertisers, consumer groups, and  other stakeholders for a discussion of mobile application transparency and the process for future discussions and meetings.  While the meeting did not bring consensus on either process or goals, it did engender considerable discussion between a large number of participants, both in-person and through the online meeting tool.

Representatives from NTIA worked with an outside facilitator to solicit stakeholder views on 1) potential key elements of a mobile transparency policy and 2) methods that the group might employ to move the conversation forward in the future. The use of the facilitation process itself generated a considerable amount of debate and substantive discussions were often interrupted by questions about or objections to the process.

By the end of the day, the participants had generated a substantial list of items to consider during future meetings and had informally “voted” to express whether they felt the item needed to be addressed early in the process.  John Verdi, Director of Privacy Initiatives, stated that the list of ideas and the results of the informal poll would be released next week.  Verdi also announced that NTIA would schedule an additional meeting in August, though no specific date was announced.Continue Reading Recapping the NTIA Multistakeholder Meeting

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) sought public comment Wednesday on how to begin the process of developing voluntary codes of conduct governing consumer privacy, as called for in the privacy framework released by the White House last month.

That report argues that companies should follow seven basic principles — a Consumer Privacy Bill of Rights — when collecting, using, or disclosing consumers’ personal data. These principles are: individual control; transparency; respect for context; security; access and accuracy; focused collection; and accountability.

The framework calls on Congress to codify the general principles through legislation while stakeholders develop voluntary codes of conduct to implement the principles in particular sectors. The framework tasks the NTIA with setting up an open process in which all interested stakeholders — including companies, consumer advocates, and government officials — would develop conduct codes by consensus.Continue Reading NTIA Seeks Comment on Beginning Conduct-Code Discussions

The White House released a report today containing its “Consumer Privacy Bill of Rights,” referring to the new privacy framework as a “comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled.”  The report is entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting