Last weekend at South by Southwest (“SXSW”) Interactive, a panel promoted the notion that it is in fact possible to harmonize innovation with kids’ privacy in the app space, but that doing so involves “a lot of work.”  In particular, the panel suggested that it takes a conscious desire on the part of app developers to create brands and interfaces that build in transparency, with the specific purpose of inspiring parent trust.  The panel featured Lorraine Akemann, Co-Founder of Moms with Apps; Elana Zeide, Privacy Research Fellow at New York University’s Information Law Institute; and moderator Sara Kloek, Director of Outreach at the Association for Competitive Technology.  It was one of the few privacy events at SXSW Interactive focused on children.Continue Reading Covington at #SXSW: Can Innovation and Kids’ Privacy Coexist?

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In line with previous committee reports, the Parliament vote ensures that the Proposed Network and Information Security Directive focuses on protecting critical infrastructure in the energy, transport, financial services and health sectors. 

The EU legislative bodies will now enter into negotiations to agree a final text.  Commissioner Kroes called earlier this week for this work to be completed this year, but this timeframe seems ambitious.Continue Reading European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

By Lindsay Burke and Brian Fitzpatrick

On March 10, 2014, the EEOC and the FTC issued joint guidance on how the anti-discrimination laws and the Fair Credit Reporting Act (“FCRA”) apply to background checks performed by employers for employment application purposes. This guidance is published in two documents, one directed at employers and the other directed at employees and applicants, and aims to provide high-level practical assistance and answers to commonly asked questions that arise during the application process.  The pamphlet directed to employers builds off of the EEOC’s April 25, 2012 guidance regarding employer use of criminal history information, which we summarized here, and addresses the request for, appropriate use of, and disposal of such information.

Employers are reminded of their obligation to treat all applicants and employees equally and to refrain from performing background checks in a selective manner, where that decision is or could be perceived to be based on protected characteristics, including medical history (which implicates genetic information). When using background information to make employment decisions, employers must apply the same standards to all individuals and be cautious of basing employment decisions on background problems that may be more common among people of certain protected categories. If a certain type of background check disproportionately impacts members of a protected group, it must be job-related and consistent with business necessity. The guidance does not explain, however, how employers are to discern whether these warnings apply, nor does it mandate that employers conduct any research to investigate these possibilities. Continue Reading EEOC and FTC Issue Joint Guidance on Background Checks Performed by Employers

On March 12, 2014, the European Parliament voted 544 to 78, with 60 abstentions, to endorse a report prepared by MEP Claude Moraes (S&P, UK) (the Report), and to pass a resolution summarising Mr. Moraes’ findings (the Resolution).  The Report and Resolution conclude a six-month investigation by the influential Committee
Continue Reading European Parliament Adopts Report Threatening Disruption to U.S.-EU Data Flows and Upcoming Trade Agreements; However, Legal Impact is Muted

Today, the European Parliament (EP) voted in favor of the two reports of rapporteurs Jan-Philipp Albrecht and Dimitrios Droutsas concerning the proposed General Data Protection Regulation and the proposed Directive for the law enforcement sector. The support for the report on the proposed Regulation (see here), which the LIBE Committee of the EP had adopted in October last year (see InsidePrivacy, What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation, October 24, 2013), was particularly strong (621 votes in favor out of 653 votes), whereas a considerable minority (276 votes out of 677 with 371 votes in favor) voted against the report on the proposed Directive (see here).

The votes followed a debate on the reform package that took place in the plenary yesterday.  The debate was characterized by strong support for the proposed Regulation.  A few Members of the EP (MEPs) raised concerns in particular in relation to the rules applicable to small and medium-sized companies (SMEs) and the potential impact on freedom of press and health research. However, although several MEPs recognized that the proposed Regulation would not be perfect, the majority considered it to be a step into the right direction and several stressed that it would establish parity of European with non-European companies.Continue Reading European Parliament Votes in Favor of Proposed General Data Protection Regulation

South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there to cover privacy and big data’s big buzz, a topic which dominated much of the conference.  Among the events that took place last Friday were “Big Data Inverted: The Best Candy from Strangers?” and “Privacy Under the Covers: The Naked Truth.”  The big-data panel included Chris Colborn, R/GA Global Chief Experience Officer; Dinkar Jain, Google Product Manager; and Maria Bezaitis, Principal Engineer at Intel.  The privacy event was a “Core Conversation” that featured MeMe Jacobs Rasmussen, Adobe’s Chief Privacy Officer, VP, and Associate General Counsel; and Shaina Boone, SVP of Marketing Science at Critical Mass.

Big Data Inverted started with the premise that, as big data transforms relationships and information sharing, “people are beginning to unintentionally ‘barricade’ themselves from new experiences.”  While much of the discussion focused on how businesses can structure their models to leverage big data so that it is useful and relevant, better connected, and more available, privacy and consumer trust necessarily came up throughout the discussion.  In particular, many focused on the two sides of the big data coin:  potential and privacy.  Businesses stand to benefit if they can tame and harness big data, but not if they ignore privacy concerns inherent in amassing huge quantities of sensitive information.  Many are suggesting, however, that businesses can profit from privacy too  that is, because privacy has become so important to consumers, it can be used competitively.Continue Reading Covington at #SXSW: If “Big Data Is the New Oil” Then “Privacy Is the New Green”

As part of the White House’s ongoing review of “big data” and its implications for privacy, the economy, and public policy, the Office of Science and Technology Policy (“OSTP”) has announced that it is requesting comments from the public on several key issues.

OSTP’s Request for Information asks commenters to consider the following questions:

  1. What are the public policy implications of the collection, storage, analysis, and use of big data?  For example, do the current U.S. policy framework and privacy proposals for protecting consumer privacy and government use of data adequately address issues raised by big data analytics?
  2. What types of uses of big data could measurably improve outcomes or productivity with further government action, funding, or research?  What types of uses of big data raise the most public policy concerns?  Are there specific sectors or types of uses that should receive more government and/or public attention?
  3. What technological trends or key technologies will affect the collection, storage, analysis and use of big data?  Are there particularly promising technologies or new practices for safeguarding privacy while enabling effective uses of big data?
  4. How should the policy frameworks or regulations for handling big data differ between the government and the private sector?  Please be specific as to the type of entity and type of use (e.g., law enforcement, government services, commercial, academic research, etc.).
  5. What issues are raised by the use of big data across jurisdictions, such as the adequacy of current international laws, regulations, or norms?

The deadline for responses is March 31.  The full Request for Information, including details on submitting responses, is available here.

Continue Reading White House Seeks Public Comment on Implications of Big Data

Meena Harris, a member of Covington’s Global Privacy and Data Security Practice Group, spoke today with LXBN TV about various data-breach bills currently pending in the Senate.  You can view the interview here.
Continue Reading Video: A Conversation with Covington about Pending Data-Breach Legislation

On Monday, the International Association of Privacy Professionals (IAPP) hosted a discussion that featured state and federal privacy regulators.  The panel included Maneesha Mithal, Associate Director for the Division of Privacy and Identity Theft at the Federal Trade Commission; Marty Jackley, Attorney General of South Dakota; and Bill Sorrell, Attorney General of Vermont.  The panel was intended to discuss privacy generally, however, the conversation quickly focused on the latest hot topic:  data breach. 

It was acknowledged at the outset of the conversation that the important role state attorneys general play in regulating privacy, both individually and in tandem, is often overlooked.  Ms. Mithal suggested that, for example, while the EU is familiar with the FTC’s enforcement authority and the existence of some federal law, the “story often not told” is that there are “cops on the beat,” and specifically, that the United States has robust state enforcement of privacy protections.Continue Reading A Conversation with State and Federal Privacy Regulators Turns to State Data Breach Enforcement

Kurt Wimmer, co-chair of Covington’s Global Privacy and Data Security Practice Group, sat down yesterday with NPR’s Robert Siegel to talk about the privacy implications of photography in the age of wearable technology.  You can listen to the interview here.Continue Reading Privacy Issues with Wearable Tech: All Things Considered