Privacy professionals begin to look back at year one of the GDPR

(Mar 26, 2019) Privacy professionals will probably never be able to forget the lead up to the EU General Data Protection Regulation, no matter how hard they try. Plenty of studies showed companies were not ready for the May 25, 2018, implementation date, which led to speculation about what would happen when the European rules finally arrived. One of those studies was conducted by McDermott Will & Emery and the Ponemon Institute. In their survey, released in April 2018, 40 percent of respondents said they ... Read More

Global regulators seek answers for stronger collaboration

(Mar 26, 2019) At a March 25 hearing at the U.S. Federal Trade Commission, global regulators looked for ways to more seamlessly integrate enforcement cooperation. The hearing was the 11th in the FTC's ongoing series on competition and consumer protection in the 21st century.  Regulators largely agreed there is room for increased global cooperation on consumer protection and data privacy, while citing the success of several trans-border frameworks that seem to be bearing fruit, including the EU's "Consumer Pro... Read More

Supreme Court rejects Zappos appeal in data breach class-action

(Mar 26, 2019) The U.S. Supreme Court rejected an appeal by shoe retailer Zappos, a development that will allow a class-action lawsuit over a 2012 data breach to move forward, The Hill reports. A San Francisco–based appeals court first permitted the lawsuit on the ground the incident, which exposed the personal data of 24 million customers, opened victims to identity theft and fraud. Business groups argued the lawsuit should have been dismissed due to the victims’ failure to prove any form of substantial harm.... Read More

Vienna court allows Schrems to move forward with Facebook civil action

(Mar 26, 2019) The Vienna Higher Regional Court ruled Max Schrems can move forward and take civil action against Facebook, NS Tech reports. The court’s ruling opens the door for complaints made under Article 79 of the EU General Data Protection Regulation to be reviewed not only by data protection authorities, but also by civil court judges. Schrems tried on two previous occasions to have Austrian court judges hear the case in court before Vienna made its decision. “After a good four-and-a-half years, we have ... Read More

ICO delves into its AI auditing framework

(Mar 26, 2019) The U.K. Information Commissioner’s Office offered an overview of the two key components of its auditing framework for artificial intelligence. The first component covers the governance and accountability measures an organization needs to comply with data protection requirements. The agency identifies risk appetite, training and awareness, and data protection by design and default as examples of those measures. The ICO cited eight AI risk areas for its second component, including accuracy, fairn... Read More

FTC announces agenda for 12th hearing session

(Mar 26, 2019) The U.S. Federal Trade Commission has announced the agenda for the 12th session of its Hearings Initiative. The hearing will take place at Constitution Center April 9 and 10 and was rescheduled from its original date of Feb. 12 and 13. The hearings will include a panel discussion on the goals of privacy protection, data sensitivity, consumer demand and expectations for privacy, and current approaches to privacy. It will also include a daylong discussion on notice and choice; access, deletion and... Read More

Roundup: Australia, Egypt, US and more

(Mar 25, 2019) In this week's Privacy Tracker global legislative roundup, read about Australia’s proposed changes to the Privacy Act that would increase penalties and funding. Egypt approves a draft law proposed by the government to protect personal data that aims to implement articles of the country’s constitution regarding the protection of privacy. In Utah, legislators pass legislation in support of new privacy laws that would protect electronic data stored with third parties from government access. (IAPP m... Read More

CJEU advocate general: Pre-checked cookie boxes do not qualify as valid consent

(Mar 25, 2019) Court of Justice of the European Union Advocate General Maciej Szpunar wrote in a non-binding opinion a website has not gathered valid consent when it requires a user to deselect a pre-checked box, The Register reports. Szpunar’s opinion was in response to a case where an online lottery hosted by Planet49 asked individuals to consent to cookies. The box was filled in, but patrons did not need to agree to cookies in order to participate in the lottery. Szpunar determined it "virtually impossible ... Read More

Utah passes first bill in the US to protect data kept with third parties

(Mar 25, 2019) Wired reports the Utah Legislature passed the first bill in the U.S. to protect electronic data individuals keep with third parties. The privacy law would require government entities to obtain a warrant in order to access “certain electronic information or data” from third parties, such as Google or Facebook. The warrant requirement can be waived in emergency situations or when data can be used in felony and misdemeanor investigations. Republican Gov. Gary Herbert still must sign the bill before... Read More

UK ride-hailing drivers file lawsuit over alleged GDPR violations

(Mar 25, 2019) CNBC reports four U.K.-based Uber drivers have filed a lawsuit against the ride-hailing company for alleged violations of the EU General Data Protection Regulation. The drivers claim they asked Uber for information such as their trip ratings, their individual GPS data and the amount of time they spent logged into Uber’s platform; however, the four state the company never fulfilled any of their data requests. “Our privacy team works hard to provide as much information as we can, including explana... Read More