LATEST NEWS

Metadata Debate Ongoing in Australia, Canada, U.S.
While the Canadian Supreme Court has ruled IP address information may have privacy interests for individuals, in the U.S., courts continue to grapple with issues around tracking, and the Supreme Court decision on GPS tracking from two years ago has left behind questions. Australia currently allows warrantless collection of telecommunications metadata, but Commonwealth Ombudsman Colin Neave, responsible for inspecting certain police records, in a parliamentary hearing offered up his office to look into the practice, reports ITNews.

AG Introduces Bill To Update Gov’t Privacy in Victoria, AU
Victorian Attorney-General Robert Clark has introduced the Victorian Privacy Data and Protection Bill 2014, which would replace the state’s privacy and law enforcement data security acts, reports ITNews. If passed, the bill would create a commissioner for privacy and data protection to be appointed by the government, which would replace the current Victorian privacy commissioner and Victorian commissioner for law enforcement data security. The new commissioner would “promote the state’s privacy principles, guide agencies, investigate privacy complaints and audit agency compliance with statewide data protection standards,” the report states.

EFF Wins Drone Records Request, Now Seeks Attorney’s Fees
The Electronic Frontier Foundation (EFF) has gained access to 700 pages of documents related to Customs and Border Patrol (CBP) use of drones. Courthouse News Service reports, the documents reveal the “department had arranged more than 500 flights for dozens of law-enforcement organizations and that more than a fifth of these flights helped Immigration and Customs Enforcement,” EFF stated. Because the EFF won access to these never-before-seen and frequently reported-on documents, it is asking for upwards of $83,000 in attorney fees, stating that it furthered “public understanding of CBP's Predator drone program and Predator drone surveillance capabilities and has alerted the public to how CBP has been allocating tax dollars on drone flights.”

Cybersecurity Would Get Big Money in Senate Appropriations Bill
The 2015 Senate appropriations bill has underscored cybersecurity as a focus for the Commerce Department, Justice Department and science agencies, reports FCW. The FBI maintains a 24-hour cyber-incident response taskforce and an agent training program; the Justice Department is set to add nine lawyers to prosecute cybercrime cases, and the National Science Foundation would receive $159 million to hand out in cybersecurity research grants. The bill also includes $45 million in scholarships to train cybersecurity professionals who agree to work in the federal government, and the Commerce Department stands to get $15 million to create a NIST National Cybersecurity Center of Excellence. The Senate also approved $16.5 million to fund a NIST identity management research project. Meanwhile, the Direct Marketing Association is voicing its disappointment with the reduction of money allocated to the census in the House appropriations bill, while noting the Senate bill left the amount untouched.

Court Decision Helps Define Medical Information in California
The California Court of Appeal has ruled that a healthcare provider did not breach the state’s Confidentiality of Medical Information Act when it revealed patients’ personally identifying information, reports Workplace Privacy Data Management & Security Report. The decision added clarity to the definition of medical information under the act, as the provider lost a computer containing names, medical record numbers, ages, dates of birth and last four digits of patients’ Social Security numbers but nothing related to “medical history, mental or physical condition or treatment.”

Florida Bill Would Require Guidelines for License-Plate Scanner Data
A bill in front of Florida’s governor includes a provision to create guidelines on the retention of license-plate scanner data. “Specifically, the bill calls for a statewide policy to set the length of time that the records of innocent people could be kept,” Landline Magazine reports.

Indiana Privacy Laws Go Into Effect July 1
House Bills 1009 and 1384 will go into effect on July 1, meaning police will have new restrictions on collecting information. The Statehouse File reports that under HB 1384, police must get a search warrant to use drones or place a tracking device or camera in an individual’s car or on their property, and under HB 1009, police must have probable cause or consent to search a phone. Rep. Mike Speedy (R-Indianapolis) said, “As technology advances … there is a shift of power into law enforcement or into government away from our own privacy and our own ability to own and control our private information,” adding these bill help to modernize the laws. (Registration may be required to access this story.)

ICMI

Going for Brokers: Potential Pitfalls in Proposed Data Broker Legislation
The Federal Trade Commission (FTC), in its recent report, recommended Congress consider legislation to improve transparency in the data brokers industry, a push made by Sens. John Rockefeller (D-WV) and Ed Markey (D-MA) when introducing their Data Broker Accountability and Transparency Act of 2014 (DATA Act). The Hogan Lovells privacy team writes for Privacy Tracker about the proposal, noting, “Through its rulemaking authority under the DATA Act, the FTC could clarify the scope of the law. However, the current version of the legislation offers little guidance to the commission about how to interpret the ambiguous provisions.”
Full Story

NSA Court Win Couched in a Plea for Reform?
The U.S. District Court of Idaho has granted a motion to dismiss a case claiming Fourth Amendment violations related to the National Security Agency’s (NSA’s) mass surveillance of telephone data. In the decision, Judge B. Lynn Winmill outlines his reasons for siding with the NSA but also indicates a reluctance to do so. Emily Leach, CIPP/US, sums up the decision for Privacy Tracker, noting Winmill recommends the U.S. Supreme Court look to Judge Richard Leon’s decision against the NSA as a template for its opinion. He also questions the veracity of the NSA’s claims that it doesn’t collect location data. Leach writes, “After five pages of explanation as to why he’s dismissing the case, Winmill acknowledges there’s ‘a subject lurking in the shadows here: The possibility that the NSA is tracking the location of calls using the trunk identifier data discussed above.’”
Full Story

U.S.

Odds Are Against Hacking Legislation Passing
The Hill reports that while retailers have reported multiple major hacks in recent months, legislators have not moved forward on anti-hacking legislation. “Despite an initial flurry of activity on Capitol Hill,” the report states, “none of the multiple bills … have moved out of committee,” suggesting, “the odds are increasing that Congress will fail to pass a bill this year.” Senate Commerce Committee Chairman Jay Rockefeller (D-WV) explained that having numerous committees—including Senate Judiciary, Senate Banking, Homeland Security and Judiciary—with jurisdiction complicates matters, the report states. Alison Hawkins of the Financial Services Roundtable said, “We are just hoping to get this done before there is another attack.”
Full Story

Court Rules Warrant Required for Phone Location Data
The 11^th Circuit Court of Appeals has ruled police need a warrant prior to accessing user location data from service providers, Associated Press reports, noting it is the first ruling of its kind in the U.S. The judges wrote, "While committing a crime is certainly not within a legitimate expectation of privacy, if the cell site location data could place him near those scenes, it could place him near any other scene … There is a reasonable privacy interest in being near the home of a lover, or a dispensary of medication, or a place of worship or a house of ill repute." ACLU Attorney Nathan Freed Wessler said, “The court soundly repudiates the government’s argument that merely by using a cellphone, people somehow surrender their privacy rights.”
Full Story

Microsoft Fights U.S. Order To Disclose E-mail Stored Overseas
In a continuing legal battle, Microsoft is challenging a U.S. federal court order to turn over a customer’s information stored in a data center in Ireland—possibly the first time a corporation has challenged such a warrant, The New York Times reports. Additionally, Verizon filed an amicus brief on Tuesday that parallels Microsoft’s arguments, and, according to the report, more companies are expected to join. In a court filing made public on Monday, Microsoft contends that if the order were upheld, it “would violate international law and treaties and reduce the privacy protection of everyone on the planet.” Peter Swire, CIPP/US, said, “This is a policy decision as well as a legal one.” (Registration may be required to access this story.)
Full Story

Poll: 80 Percent In Favor of ECPA Reform
According to a recent poll of residents in five U.S. states, more than 80 percent are in favor of changing the Electronic Communications Privacy Act (ECPA) of 1986. The poll indicated 64 percent think the issue of digital privacy is “increasingly important” following the NSA revelations, and 72 percent said they would be more willing to vote for a candidate who supports reforming the ECPA, Tech Crunch reports. The poll was conducted by Digital 4^th and surveyed residents of Georgia, New Hampshire and Colorado, among others.
Full Story

Sens. Pledge To Examine Facebook's Tracking Plans
Facebook’s announcement that it will begin targeting advertisements to users based on the sites they visit and apps they use has lawmakers promising they’ll be watching closely, The Hill reports. “Facebook’s announcement today to track users as young as 13 outside its website in order to gather information for targeted advertising raises a major privacy red flag,” Sen. Ed Markey (D-MA) said Thursday. Sen. Jay Rockefeller (D-WV) said there’s a “need to closely review” the plans. Meanwhile, author Julia Angwin writes for ProPublica on why online tracking is “getting creepier.”
Full Story

CANADA

Therrien Testifies on Bill C-13
Testifying before the House of Commons Justice Committee on Tuesday, Privacy Commissioner Daniel Therrien urged the government to split Bill C-13 “to allow for thorough examination of several measures that would expand online monitoring,” Ottawa Citizen reports. Bill C-13 would make it illegal to share “intimate images” without consent and would “remove barriers to getting such pictures scrubbed from the Internet—changes Therrien supports,” the report states. However, the report states, Therrien’s office has warned that provisions giving authorities tools to track telecommunications “would dangerously lower the proposed threshold” for access to personal information. Meanwhile, MP Charlie Angus has written to Treasury Board President Tony Clement “to convene an independent expert panel to make recommendations on securing Canadians’ privacy in the digital era.”
Full Story

Experts Examine Facebook Class-Action
Mondaq reports on the BC Supreme Court’s recent certification of a class-action suit against Facebook over its “Sponsored Stories.” Reed Smith’s Mark S. Melodia and Frederick Lah write, “In the Canadian case, one of the main issues was whether Facebook users have the protection of BC's Privacy Act, or instead, whether Facebook's online Terms of Use overrode these protections.” The court pointed to a section of BC’s Privacy Act that states actions under the Privacy Act “must be heard and determined by the Supreme Court,” the report states, and defined the class as “all BC residents who are or have been Facebook members at any time between January 2011 and May 2014 and whose name or picture was used as part of the Sponsored Stories.”
Full Story

Supreme Court Rules In Favor of Online Anonymity
Canada's Supreme Court ruled unanimously today that ISPs may not provide police with customers’ names, addresses and phone numbers without a search warrant, The Globe and Mail reports. The case involved Matthew David Spencer, who was charged with possessing child pornography “and making it available to others” in a file-sharing network after a detective “found his publicly available child pornography” and “asked Shaw Communications for the IP address,” the report states. The government argued, “There is no objective reason to think that an Internet service provider must keep such basic information as an address and a name private, let alone shield it from a child pornography investigator.” Writing for the court, Justice Thomas Cromwell said, “Anonymity is an important safeguard for privacy interests online.”
Full Story

EU

Ministers Agree EU Privacy Law Applies to Non-EU Business
PC World reports EU justice ministers reached a partial agreement on the proposed overhaul of EU data protection law. The ministers agreed to rules governing international data transfers and the territorial scope of the proposed regulation, the report states. EU Justice Commissioner Viviane Reding said, “It’s in the interest of companies to have legal certainty rather than having to spend money on costly lawsuits only to arrive at the same result at the end.” The main sticking point is the so-called “one-stop-shop” mechanism. A European Data Protection Supervisor representative said, “Everyone agrees that a one-stop-shop is necessary, but there are about 20 different ideas of what that should mean in practice.” The lack of full agreement means a final round of negotiations cannot resume until October.
Full Story

ASIA PACIFIC

Study Suggests Australian Law Reform Will Mirror UK, Germany
ZDNet reports on a study by EU-based firm Fieldfisher “suggesting that the legal regime around data protection in Australia would soon mirror those in the UK and Germany,” which it states “are quite severe with respect to companies and other organisations holding private data, and such changes would impact the way Australian businesses handle their data.” The report quotes Fieldfisher’s Phil Lee, CIPP/E, CIPM, as saying, “We are witnessing a unique legal phenomenon; there is a global convergence of data security law and regulation around the issue of encryption so that it does not matter where in the world your organisation operates—regulators everywhere increasingly expect encryption of sensitive data, computers, databases and applications.”
Full Story

Vincent Examines New Zealand Breach Reporting Law Questions
In a blog post for IT News, Mark Vincent considers the government’s “intention to introduce a mandatory data breach reporting law as part of a raft of proposed changes to its privacy legislation.” If the Privacy Act reforms pass, businesses in New Zealand will have to report all data beaches and will face audits and fines, he notes. “There are some very important questions that they'll want answered in the exposure draft legislation,” Vincent writes, including what the definition of a breach is and what the threshold of risk of harm should be before the privacy commissioner and those affected by a breach are notified.
Full Story

Hong Kong Data Privacy Laws Not Enough To Stop Stalking
After 14 years of debate on an anti-stalking law, South China Morning Post reports that the Constitutional and Mainland Affairs Bureau wrote to lawmakers this week indicating, “The administration is of the view that there are no favourable conditions for us to pursue the matter further.” Privacy Commissioner Allan Chiang Yam-wang said data privacy laws are not enough to protect stalking victims, the report states. “It is disappointing,” he said, adding stalking “is a problem in society that will only get more serious as technology advances … legislation is the best way to solve this.” He added, "It's like putting out a fire … Should we try to solve the problem now or wait for it to get so serious in the future that we reach a point of no return?"
Full Story