White House, industry reveal more details on US privacy framework

(Sep 25, 2018) Movement toward a U.S. privacy framework is gaining steam this week as lobbying efforts in Washington intensify ahead of the release of White House document outlining an initial approach to consumer privacy and a highly anticipated Congressional hearing Wednesday in which privacy professionals from several major tech companies will testify.  An "unpublished Notice by the National Telecommunications and Information Administration," an arm of the Department of Commerce, has appeared on the Federa... Read More

Privacy's role in the Article 7 proceedings against Hungary

(Sep 25, 2018) In the lengthy list of the Hungarian government's sins that led the European Parliament to launch disciplinary proceedings earlier this month — an unprecedented step — lurked multiple offenses on the privacy and data protection fronts. On Sept. 12, the European Parliament for the first time invoked Article 7 of the Treaty on European Union, by approving a report into Hungarian failings by Judith Sargentini, a Dutch MEP. Article 7 is intended to deal with member states that seriously and persist... Read More

Can we assess the enforcement of data protection and cybersecurity in Mainland China?

(Sep 25, 2018) How is the enforcement of data protection and cybersecurity provisions in mainland China faring? A year after the Cybersecurity Law (网络安全法, the CSL) became effective, June 1, 2017, it is a question that can legitimately be asked. And a question that has become more pressing a few weeks after the public announcement of one of the most important data leaks in mainland China from a major hotel group that could impact over 130 million data subjects. In this article, beyond just providing a state of... Read More

North Carolina AG talks ID theft, breach notification, federal pre-emption

(Sep 25, 2018) Josh Stein was sworn in as North Carolina’s Attorney General in 2017. Before serving as attorney general, Stein served as a state senator (2009-2016) and as a senior deputy attorney general (2001-2008) in the North Carolina Department of Justice. Throughout his tenure as attorney general, Stein has made consumer fraud protection a top priority. Specifically, Stein has shown a clear commitment to data privacy and security through his advocacy for strong protection of individuals’ personal informa... Read More

US privacy framework gains momentum ahead of Senate hearing

(Sep 25, 2018) Movement toward a U.S. privacy framework is gaining steam this week as lobbying efforts in Washington ramp up ahead of a White House document on its approach to consumer privacy and a highly anticipated Congressional hearing Wednesday in which privacy professionals from several major tech companies will testify. An "unpublished Notice" by the National Telecommunications and Information Administration, an arm of the Department of Commerce, has appeared on the Federal Register and includes a PDF r... Read More

FCA preparing to fine Tesco Bank record amount over 2016 cyberattack

(Sep 25, 2018) The U.K. Financial Conduct Authority is planning to fine Tesco Bank as much as 30 million GBP over the cyberattack it suffered in 2016, the Financial Times reports. Tesco was forced to repay 2.5 million GBP in losses to 9,000 customers following the incident. The FCA investigated whether the bank left customers exposed to fraud due to its use of sequential debit card numbers. Tesco and the FCA are currently negotiating the penalty, which could be the largest fine the agency has ever administered... Read More

CNIL looks at GDPR four months later

(Sep 25, 2018) France’s data protection authority, the CNIL, looks at the effect of the EU General Data Protection Regulation four months after its implementation date. The CNIL states 24,500 organizations have appointed a data protection officer since May 25, up from 13,000 prior to the deadline. The DPA has received more than 600 data breach notifications since the beginning of the GDPR and 3,767 complaints since the start of the year, up 64 percent from the same period in 2017. The CNIL also outlines some o... Read More

Unpacking Big Brother Watch v UK

(Sep 24, 2018) In a landmark judgment published last week, the European Court of Human Rights ruled that several aspects of U.K. secret surveillance programs violated Article 8 (right to respect for private life) and Article 10 (freedom of the press) of the European Convention on Human Rights. Filed in the wake of Edward Snowden’s national security revelations, complaints in Big Brother Watch and Others v. the United Kingdom concerned three surveillance tactics used by the U.K. government: bulk interception o... Read More

A look at the ECHR's Big Brother Watch ruling

(Sep 24, 2018) In a landmark judgment published last week, the European Court of Human Rights ruled that several aspects of U.K. secret surveillance programs violated Article 8 (right to respect for private life) and Article 10 (freedom of the press) of the European Convention on Human Rights. IAPP Externs Katelyn Burgess and Towhidul Islam write for Privacy Tracker about the way the court arrived at its decision, noting that "It’s most significant impact may be ... the acknowledgment that metadata should not ... Read More

Roundup: Kenya, South Africa, Canada, US and more

(Sep 24, 2018) In this week’s Privacy Tracker legislative roundup, read about Italy's new law implementing the EU General Data Protection Regulation. In Kenya, officials note a data protection bill is expected to be introduced to Parliament, and, in South Africa, the constitutional court relied on the right to privacy in a case involving the decriminalization of marijuana for private use. Canada's privacy commissioner published guidelines for mandatory data breach reporting under the country's Personal Informa... Read More