
While industry leaders at the World Economic Forum in Davos, Switzerland, called for new rules surrounding data protection, the U.S. Supreme Court announced it will hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. And, the U.S. Federal Trade Commission announced settlements with 12 companies over false claims of alignment with Safe Harbor rules. In this Privacy Tracker roundup, learn about these as well as bills being considered by U.S. state legislatures, how Obama’s NSA plans may affect EU law and more. 


Judge: Plaintiffs Sufficiently Allege Legal Duty in Sony Case
While U.S. District Judge Anthony Battaglia shot down parts of the class-action suit against Sony over its 2011 hacking incident, he did allow certain claims through, including one related to Sony’s legal duty to provide reasonable security, reports databreaches.net. Battaglia wrote that “because plaintiffs allege that they provided their personal information to Sony as part of a commercial transaction, and that Sony failed to employ reasonable security measures to protect their personal information, including the utilization of industry-standard encryption, the court finds plaintiffs have sufficiently alleged a legal duty and a corresponding breach.”

Sens. Introduce Anti-Fraud Legislation
Sens. Tom Carper (D-DE) and Roy Blunt (R-MO) have reintroduced legislation, now called the Data Security Act of 2014, that would require certain entities to “better safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud,” Government Security News reports. The requirements would supersede current state breach laws and apply to “businesses that take credit or debit card information; data brokers that compile private information, and government agencies holding nonpublic personal information.”

NJ Governor “Pocket Vetoes” Drone Privacy Bill
Among the 44 bills Gov. Chris Christie (R-NJ) allowed to expire was a drone privacy bill that would’ve required police to get a warrant before using drones for surveillance, reports Philly.com. The bill passed the New Jersey Assembly with a vote of 74-1.

Wisconsin Assembly Passes Social Media Bill; Senate Passes Mental Health Bill
Senate Bill 223, making it illegal for employers, universities and landlords to require social media login information from workers, students, tenants or applicants, has passed the Wisconsin Assembly, reports WEAU. If the bill passes into law, violators could see fines of up to $1,000. One employment law expert says that if misconduct on social media is suspected, employers can ask for access to the site but not for login credentials. The bill now heads to the Senate for approval.

The Wisconsin Senate, meanwhile, has passed the Mental Health Care Coordination Bill, updating Wisconsin law to be more consistent with HIPAA, reports the National Law Review. Currently, state law requires a level of confidentiality for behavioral health treatment beyond that required in HIPAA. The current requirements have been criticized for hampering appropriate treatment by restricting the sharing of patient data with other treatment providers.


How Obama's NSA Plans May Affect EU Law
President Barack Obama’s plans for surveillance reform, as revealed in his speech last week, “have had a lukewarm reception by European politicians,” writes Field Fisher Waterhouse Partner Eduardo Ustaran, CIPP/E. “Such reforms are a work in progress that will extend over months and years, but Obama’s stance is bound to have a very direct effect on existing and forthcoming EU data protection requirements,” he adds. In this installment of Privacy Perspectives, Ustaran lays out his predictions “about the practical impact of the proposed plans in Europe.”

At World Economic Forum, Industry Leaders Call for New Privacy Rules
In a blog post, Microsoft General Counsel Brad Smith has called for “an international legal framework—an international convention—to create surveillance and data access rules across borders” and has said the current legal structures are out-of-date, prompting “some governments, as we’ve learned over the past year … to take unilateral actions outside the system,” CNET News reports. Smith is expected to take part in a World Economic Forum (WEF) panel discussion about the public perceptions of surveillance, data security and privacy in light of the NSA disclosures. BT Group Chief Executive Gavin Patterson, also speaking at the WEF, said customers cannot be guaranteed 100-percent privacy online and called for updates to “murky” data collection laws, The Guardian reports. Meanwhile, DW reports on Human Rights Watch's call this week for "a clear regulatory framework to keep intelligence services in check."


FTC Settles Safe Harbor Charges Against 12 Companies
The Federal Trade Commission (FTC) has settled with 12 U.S. companies over charges the companies falsely claimed they were abiding by Safe Harbor rules. The companies involved spanned various industries, including mobile apps, DNA testing and professional sports. The complaints filed by the FTC state the companies allowed their EU-U.S. Safe Harbor certifications to lapse, despite claims in their privacy policies or Safe Harbor certification marks indicating otherwise. Three of the companies were also charged with falsely claiming to abide by the U.S.-Swiss Safe Harbor framework. The settlements, which follow criticism from the European Commission that the Safe Harbor framework has not been effectively enforced, are now open for public comment. FTC Chairwoman Edith Ramirez said Safe Harbor enforcement is a priority and the cases “send a signal to companies” that they can’t falsely claim certification. In a blog post on the FTC’s site, Lesley Fair, senior attorney with the Federal Trade Commission's Bureau of Consumer Protection, says this is fair warning that, “If you feature the Safe Harbor mark on your site or refer to your participation, remember that you must ‘re-up’ every year.”

SCOTUS To Hear Cellphone Privacy Cases
Politico reports that the Supreme Court has agreed to hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. The two cases—Wurie v. U.S. and Riley v. California—were granted cert by the court last Friday. In Riley, police searched a suspect’s text messages, photos and videos, finding evidence of gang-related activity and images implicating him in a separate crime. In Wurie, law enforcement went through the call logs of the suspect. The Electronic Frontier Foundation’s Hanni Fakhoury said, “These cases give the court the chance to determine to what extent the Fourth Amendment applies to newer technologies and whether the breadth and scope of information stored on a smartphone matters under the Constitution. We think it does and hope the Court agrees with us.” Editor’s Note: Privacy Perspectives recently opined on an Associated Press report on the wariness expressed by Supreme Court justices about ruling on technology-related cases.

Is a Constitutional Amendment the Answer to Restricting Data Collection?
Last Sunday, privacy scholar and National Constitution Center President and Chief Executive Jeffrey Rosen opined that a constitutional amendment may be needed to “prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” But Adam Thierer, a senior research fellow at George Mason University’s Mercatus Center, disagrees. In this Privacy Perspectives post, Thierer explains why there “are several problems with Rosen’s proposal—legal, economic and practical” and writes “that better alternatives exist to deal with the privacy concerns he identifies.”


Making a Privacy Law for the 21st Century
With the EU’s proposed General Data Protection Regulation (GDPR) hanging in the balance, some think it a good time to go back to the drawing board. “Better, I think, to start again and design a good law than to adopt legislation for the sake of it—no matter how ill-suited it is to modern-day data processing standards,” writes Field Fisher Waterhouse Partner Phil Lee, CIPM, CIPP/E. In this post for Privacy Perspectives, Lee reflects on what a “21st-century data protection law ought to achieve, keeping in mind the ultimate aims of protecting citizens’ rights, promoting technological innovation and fostering economic growth.”

Regulation Won't Be Adopted Before May Elections
With several member states aiming to water it down, the revised data protection law will not be adopted before European Parliament elections in May, EUObserver reports. On Wednesday, EU Justice Commissioner Viviane Reding and the lead negotiators on the package agreed to set the deadline for before the end of the year. German Green MEP Jan Philipp Albrecht said the timetable established seeks a mandate for negotiations in June, adding, “If it will be possible to stick to this timetable, this would be good news and important.” The member states aiming to soften the regulation—UK, Denmark, Hungary and Slovenia—would prefer to see it turned into a directive instead.

Reding Calls for Billion-Dollar Fines
European Commission Vice President Viviane Reding is calling for larger fines against companies that breach the EU’s privacy laws, BBC News reports. Reding “dismissed recent fines for Google as ‘pocket money’ and said the firm would have had to pay $1 billion under her plans for privacy failings,” the report states, noting she believes increased punishments are needed to encourage firms to take personal data use more seriously. Out-Law.com, meanwhile, reports the EU’s Court of Justice “is set to rule in a case involving Google and the judgment could offer some clarity about which local data protection rules will apply to multinational Internet service providers that process personal data abroad but have a business presence in a local jurisdiction.”


Australian Breach of Privacy Case Dismissed
A police officer’s privacy complaint against the Queensland Police Service (QPS) has been dismissed, Brisbane Times reports. The officer “launched legal action against the Queensland Police Service claiming his privacy had been breached when details of a raid on his home appeared in the media,” the report states. The Queensland Civil and Administrative Tribunal dismissed the complaint after finding the officer “had not substantiated his claims against the QPS,” the report states.

Data Privacy Complaints at Record High in Hong Kong
South China Morning Post reports complaints and enquiries to the Office of the Privacy Commissioner for Personal Data (PCPD) peaked in 2013, “driven partly by new restrictions on companies’ use of their customers’ personal data for direct marketing.” The PCPD reported Thursday that more than 75 percent of the “complaints targeted private organisations, while more than half of the enquiries asked about the marketing restrictions.” The number of complaints received in 2013 was up 48 percent over 2012, the report states. (Editor’s Note: The IAPP Asia Privacy Forum comes to Hong Kong on 31 March.)

Written By

Emily Leach, CIPP/US

