A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, now in their hopefully final stages, to reform the EU’s general legislation around the protection of personal information.
Continue Reading EU Parliament Policy Report Takes Dim View of EU Commission’s “Pro-Market” Policies on Big Data and Smart Devices

As part of its ongoing outreach efforts to educate businesses about the importance of data security practices, the FTC has released a list of “10 practical lessons” drawn from its previous data security enforcement actions.  The list, entitled “Start with Security: A Guide for Business,” acknowledges that the FTC’s 50-plus data security enforcement actions are only binding on the individual companies subject to each action, but states that “learning about alleged lapses that led to law enforcement can help your company improve its practices.”  In addition to ten “lessons,” the list includes several subcategories of advice for each lesson drawn from prior FTC enforcement actions.  As with all FTC “best practice” guides, this document does not state binding rules of law, but is a view into the FTC’s thinking on data security enforcement.

Here’s a brief overview of the matters included in the FTC’s list.
Continue Reading FTC Releases “Start with Security” Guide to “Practical Lessons” From Data Security Enforcement Actions

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced a possible crackdown on mHealth app non-compliance with European data protection legislation.  This post briefly summarizes these developments.
Continue Reading May 2015 EU mHealth Round-Up

As we previously reported, Covington was selected from thousands of applicants to host a Privacy by Design bootcamp and workshop during last week’s South by Southwest (“SXSW”) Interactive festival, which featured five days of compelling presentations and panels from industry leaders in emerging technology.  SXSW designs workshops in particular to provide in-depth, hands-on education taught by innovative leaders.  To close out our coverage of SXSW, below is a workshop recap for those who couldn’t make it to Austin this year.

OVERVIEW

With the premise that businesses are eager to build privacy considerations into all phases of their activities in this new era of “big data,” our Privacy By Design Bootcamp provided a step-by-step guide to develop and integrate Privacy by Design (“PbD”) into any organization.  The workshop was well-attended, with audience members representing a diversity of sectors, including tech, financial, health, data, security, and academia, allowing for informative discussion spanning several industries.  The workshop started with the history of PbD and then presented examples of real-world PbD, including basic elements of an effective program.  We also walked through specific steps to initiate a successful PbD program, including implementing policies and procedures and examining the data lifecycle.  The outline below addresses some key topics from our Privacy by Design workshop.  If you’re interested in learning more, please contact PbD Bootcamp leaders Libbie Canter and Meena Harris.
Continue Reading Recap of Covington’s Privacy By Design Workshop

By Caleb Skeath

As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February.  The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the “Do Not Track Kids Act of 2015,” which proposes substantial revisions to the Children’s Online Privacy Protection Act (COPPA).  As with the White House proposal, the Privacy Rights Act would implement a comprehensive regime of substantive privacy requirements.  Our analysis of the Commercial Privacy Rights Act is below, and we will separately post further analysis of the data breach provisions as well as the Do Not Track Kids Act.
Continue Reading Congressional Privacy Bill: Commercial Privacy Rights Act of 2015

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related to the Internet of Things. Its recent Opinion 08/2014 on the Recent Developments on the Internet of Things (the “Opinion”), adopted on September 16, 2014, provides guidance on how the EU legal framework should be applied in this context. The Opinion complements earlier guidance on apps on smart devices (see InsidePrivacy, EU Data Protection Working Party Sets Out App Privacy Recommendations, March 15, 2013).
Continue Reading Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

“Data is everywhere. The amount of data on the global level is growing by 50 percent annually. 90 [percent] of the world’s data has been generated within the past two years alone,” explains the International Working Group on Data Protection in Telecommunications in its Opinion of May 6, 2014, titled “Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics”. The Working Group, founded in 1983, has adopted numerous recommendations and, since the beginning of the 90s, has focused on the protection of privacy on the Internet. Its members include representatives from data protection authorities and other bodies of national public administrations, international organizations and scientists from all over the world.


Continue Reading Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group

With the ongoing public dialogue concerning the intersection of technological innovation, national security, and privacy that followed Edward Snowden’s revelations of classified information last year, it is no surprise that privacy and security were top themes at SXSW Interactive this year.  The following summarizes key points made about privacy throughout the Interactive conference, which ended