Businesses sued for collection of employee biometric data

(Jul 21, 2017) The Chicago Tribune reports on a host of employee biometric privacy lawsuits that are seeking class-action status in the Cook County Circuit Court this year. Grocery store Roundy's, Intercontinental Hotels' Kimpton chain and data center operator Zayo Group have all been accused of violating the Illinois Biometric Information Privacy Act. The suits alleged all three businesses did not obtain required written consent and provide disclosures about the collection, use and storage of employees' finge... Read More

CJEU advocate general opinion says exam script is personal data

(Jul 21, 2017) A new opinion from the advocate general of the Court of Justice of the European Union states that a student's exam script should be considered personal data, The Irish Times reports. In 2009, Ireland's Data Protection Commissioner refused to investigate a complaint from a student seeking his exam script from Chartered Accountants of Ireland. The case has made its way to the CJEU. German Advocate General Juliane Kokott said, "The script is a documentary record that the individual has taken part i... Read More

Privacy issues raised over fight on opioid drug epidemic

(Jul 21, 2017) Utah state law currently mandates a warrant for the Drug Enforcement Administration to view the state prescription-drug database, but that is being weighed by U.S. District Judge David Nuffer in what he calls a “fascinating case,” ABC News reports. In a case that pits health care privacy against a need to combat the country’s opioid drug epidemic, concerns are raised once again as the DEA fights to be exempt from the state law. Previous rulings have sided with the DEA, and in a draft ruling, Nuf... Read More

Federal judge sides with search and seizure of cellphone records

(Jul 21, 2017) A New York federal judge denied a motion to suppress data stemming from law enforcement access to cellphone records in a 2015 case, finding that “it is almost as if cellphone users must relinquish some privacy interests — at least related to their location — as a prerequisite to using a device so embedded in everyday life,” Courthouse News reports. U.S. District Judge William Pauley III wrote in his ruling that “current Fourth Amendment jurisprudence affords no privacy interest in records create... Read More

Your first look at LIBE's 800 ePrivacy amendments

(Jul 21, 2017) As the clock ticks on the ePrivacy Regulation — and the ambitious aim of having it ready for May 2018 — members of the European Parliament’s civil liberties committee have submitted more than 800 amendments. The big — though not surprising — news is the proposal to introduce “legitimate interest” as a justification for further processing of data. Polish MEP Michal Boni’s amendments in Recital 17 on metadata and Recital 21 on access to information stored on terminal equipment both propose “an exe... Read More

Beamish sees privacy issues in new child welfare laws

(Jul 21, 2017) Ontario Information and Privacy Commissioner Brian Beamish is calling for stronger privacy protections in a new set of child welfare laws, The Toronto Star reports. The new laws will give the Ministry of Children and Youth Services new and broad authority to collect, use and disclose personal information, though the privacy component of the Bill 89, the Child, Youth and Family Services Act, will be the first time children's aid societies are bound by privacy law. Under the forthcoming mandate, c... Read More

Eoin O'Dell on compensation damages for breach of the GDPR

(Jul 21, 2017) One of the provisions in the EU General Data Protection Regulation that has received very little attention is how national legislatures will handle Article 82(1), which provides that, "Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered." Trinity College Dublin School of Law's Eoin O'Dell recently researched breach compensation in the GDP... Read More

Singapore's monetary authority decision raises questions about treatment of personal data

(Jul 21, 2017) On 27 June, the Monetary Authority of Singapore announced that banks will soon be allowed to invest in and operate digital platforms that offer complementary services to the banks’ financial businesses, including e-commerce and online shopping. With the relatively recent enactment of Singapore’s Personal Data Protection Act 2012, data protection is fast emerging as a key consideration in commercial transactions, particularly ones involving the acquisition of data. The act prescribes nine main da... Read More

Canadians not eligible for proposed US Ashley Madison settlement

(Jul 21, 2017) Victims of the massive Ashley Madison data breach who reside in Canada will not be eligible for a proposed settlement in the U.S., the Ottawa Citizen reports. Earlier this week, a $11.2 million settlement was proposed in the U.S., which must be approved by the U.S. District Court in Missouri. Glenn Brandys, an attorney working on the Canadian settlement, said the U.S. deal will not mean a similar outcome will be reached in Canada. "There are different laws for liability in both jurisdictions so ... Read More

Exploring damages for breach of the GDPR

(Jul 20, 2017) One of the objectives the EU General Data Protection Regulation is to afford individuals back control over their personal data. And one of the means by which this objective is achieved is the provision of a private right of action for damages. As a consequence, Article 82(1) of the GDPR provides that, "Any person who has suffered material or nonmaterial damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the d... Read More