Personal Information

The European Data Protection Supervisor (EDPS), Peter Hustinx, recently published a response to a European Commission consultation on reform of the “notice-and-action” (“N&A”) procedure rules — i.e., the legal regime that requires Internet intermediaries to remove hosted content when they are notified that such content is illegal.  As set out in more detail below, the EDPS response draws attention to the impact of N&A procedures on data protection and privacy rights, and voices support for a variety of measures, including harmonising the definition of “illegal content”, clarifying the definition of “hosting” and the extent to which hosting providers should take proactive steps to remove illegal content.

The EDPS’s views will be added to those of other stakeholders including rightholders, many of whom have called for a transparent and user-friendly procedure that includes an accessible appeals process and sanctions against abusive notices.  Rightholders also see value in intermediaries providing APIs that enable rightholders to remove infringing content directly, as some online platforms already do today.Continue Reading European Data Protection Supervisor Calls For Clearer and More Privacy-Friendly Rules On Internet Intermediary Liability

Yesterday, the Federal Trade Commission (“FTC”) approved an agreement with MySpace to settle charges that the company misrepresented the extent to which it shared personal information with third-party advertisers.  MySpace’s privacy policy suggested that it would not share personally identifiable information (“PII”) with third parties without the user’s permission, but

Continue Reading FTC Approves MySpace Settlement

Last week, the Office of the Privacy Commissioner in Canada (OPC) issued important guidance under Canada’s national privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).  The guidance highlights various scenarios in which PIPEDA applies based on judicial opinions and previous OPC interpretations.  In general, PIPEDA applies to

Continue Reading Canadian Privacy Commissioner Issues Guidance under PIPEDA

Yesterday, the FTC announced that MySpace has agreed to settle charges that it engaged in deceptive practices by disclosing personal information to third parties despite statements in its privacy policy suggesting it would not engage in such sharing.  The proposed settlement with MySpace reflects the FTC’s continuing concern with the

Continue Reading MySpace Settles FTC Charges

Last week, Judge Ware of the Northern District of California denied a motion to amend his November 2011 dismissal, with prejudice, in In re Facebook Privacy Litigation, a case in which plaintiffs had argued that Facebook improperly transmitted users’ personal information, including User ID numbers or usernames, to third party advertisers.

In his most recent Order, Judge Ware reaffirmed his prior holding that plaintiffs had not stated a claim under the Stored Communications Act (“SCA”) based on an exception to the statute that allows a service provider to divulge the contents of a communication to, or with the lawful consent of, “an addressee or intended recipient” of the communication.Continue Reading Court Won’t Undo Dismissal of in re Facebook Privacy Litigation

As China’s central regulators finalize several national laws with data privacy components, provincial and municipal authorities are filling in the current legislative gap by passing local regulations governing the collection of personal information.

Currently at the national level, sector-specific laws target various aspects of personal information collection but no single comprehensive law exists to govern data privacy. Although efforts from the central government are expected to pick up in 2012, as we previously reported, pertinent national legislation remains in draft form. As these laws creep through China’s legislative process, the Chinese public is growing increasingly concerned about the security of their personal information following several high-profile scandals involving online disclosure.

In the absence of national legislation, China’s local governments have stepped in to fill the void.  The municipal government of Shenzhen, a city of ten million across the border from Hong Kong, commissioned the Shenzhen Lawyers Association in late 2010 to research and draft the “Shenzhen City Regulation on Personal Information Protection.” While exact details of the regulation have yet to be released to the public, the Shenzhen Municipal People’s Congress Standing Committee is currently deliberating the first research draft report with approval expected to follow in early 2012.Continue Reading China’s Local Data Privacy Regulations Foreshadow National Efforts in 2012

By David Fagan and Libbie Canter

Yesterday, the House Subcommittee on Commerce, Manufacturing, and Trade voted to report the Secure and Fortify Electronic Data Act (H.R. 2577) — the SAFE Data Act — to the full House Energy & Commerce Committee, moving the legislation one step closer to passage. The legislation creates a national breach notification standard that would preempt the 46 state laws (plus District of Columbia and Puerto Rico laws) that presently require entities to notify consumers of breaches of their personal information.

The legislation was introduced formally on July 19 by Rep. Mary Bono Mack (R-CA) and was approved by the Subcommittee by a voice vote that appeared to track party lines. Rep. Bono Mack had circulated a discussion draft of the SAFE Data Act last month that we discussed here.

Prior to voting the bill out of the Subcommittee, members considered several amendments to the legislation, focusing in particular on issues relating to the rulemaking authority of the Federal Trade Commission and the scope of the definition of personal information. The Subcommittee took the following actions on proposed amendments:

  • It approved an amendment offered by Rep. Bobby Rush (D-IL) that is intended to clarify that the Act’s information security obligations apply to paper records in addition to electronic records. 
  • It approved an amendment offered by Reps. Marsha Blackburn (R-TN) and Pete Olson (R-TX) that appears designed to make it more difficult for the Federal Trade Commission to expand the definition of personal information. Prior to the amendment, the bill expressly authorized the FTC to modify the definition of personal information through an Administrative Procedures Act rulemaking process.

Continue Reading House Subcommittee Approves Bono Mack Breach Notification Legislation