As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs
Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website. Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months.
EU Justice Commissioner Věra Jourová recently concluded her visit to the U.S. to meet with Trump Administration officials and others regarding the status of the Privacy Shield. During her visit, Commissioner Jourová spoke about the importance of the Privacy Shield as a framework with “enormous potential to strengthen the transatlantic economy and reaffirm our shared values.” She also met with Commerce Secretary Wilbur Ross to discuss the Privacy Shield, and announced that the first annual joint review will occur in September, which she indicated would be “an important milestone where we need to check that everything is in place and working well.”…
Continue Reading Privacy Shield Approaches 2,000 Participants; Review Scheduled for September
The International Association of Privacy Professionals hosted its annual Privacy Academy, at which one panel, “Data Brokers Demystified,” specifically focused on regulation of the data-broker industry. The panelists included Janis Kestenbaum from the Federal Trade Commission, Jennifer Glasgow from Acxiom, and Pam Dixon from the World Privacy Forum. Emilio Cividanes from Venable also participated.
Major Conclusions of the FTC Report (Janis Kestenbaum)
- Data brokers operate with a fundamental lack of transparency. They engage in extensive collection of information about nearly every US consumer, profiles of which are composed of billions of data elements.
- Much data collection occurs without consumer awareness and uses a wide variety of online and offline sources, such as social networks, blogs, individual purchases and transactions with retailers, state and federal governments, events requiring registration, and magazine subscriptions.
- The practice of “onboarding”–where offline data is onboarded onto an online cookie and is used to market to consumers online–is increasingly common.
- Some data collected is sensitive, but even non-sensitive data is sometimes used to make “sensitive inferences” about (for example) health status, income, education, ethnicity, religion, and political ideology. Consumers are often segmented into “clusters” based on these inferred characteristics.
- For regulators, some of these clusters are concerning. For example, one cluster is entitled “Urban Scramble” and contains high concentrations of low-income ethnic minorities.
- Congress should create a centralized portal where consumers can go online and access individual data brokers’ websites to opt out and access and correct their information. For consumer-facing entities, like retailers, consumers must be given some kind of choice before data is sold to a data broker, and when that data is sensitive, the choice should be in the form of an opt in.
Continue Reading IAPP Privacy Academy: “Data Brokers Demystified”
Last week, I spoke on a panel at the IAPP Privacy Academy about upcoming changes to FCC regulations governing the “prior express consent” requirement for, among other things, autodialed promotional text message and prerecorded call programs under the Telephone Consumer Protection Act (TCPA). These changes will take effect next week, on October 16, 2013. Some…
We are very pleased to announce that Jetty Tielemans, co-chair of Covington’s Global Privacy and Data Security practice group, has been appointed to the Executive Committee of the International Association of Privacy Professionals (the “IAPP”). Other members of the six-person committee include IAPP president and CEO, Trevor Hughes, and the chief privacy officers of Microsoft…
Next week, IAPP hosts its annual Global Privacy Summit in Washington, D.C. Inside Privacy will be attending the event, which has attracted a number of significant stakeholders in years past and will provide a good opportunity to take the temperature of stakeholders on key privacy and data security issues.
Those who are interested in health privacy may…
The International Association of Privacy Professionals hosts its Global Privacy Summit in Washington, DC on March 9-11. Those who are interested in health privacy may be especially interested in the following session on March 11 from 11:45 am to 12:45 pm:
Notions of Health Privacy as a Function of Technology, Law and Policy