CIPL white paper details USMCA's effects on potential federal privacy law

(Jan 21, 2020) According to Hunton Andrews Kurth's Privacy & Information Security Law Blog, the Centre for Information Policy Leadership has published a white paper discussing how the United States-Mexico-Canada Agreement might impact potential U.S. privacy legislation. The white paper discusses the agreement's provisions on digital trade, which call for a legal framework for personal data protection and the formal recognition of the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules. CIPL argues... Read More

FBI nabs website for selling breached records

(Jan 17, 2020) Silicon Republic reports the U.S. Federal Bureau of Investigation has shut down WeLeakInfo.com for selling personal records from data breaches over the last three years. According to the FBI, the website collected personal information from more than 10,000 data breaches and then sold access to the records for as little as $2. Types of records collected and sold included names, email addresses, usernames, phone numbers and unencrypted passwords. Meanwhile, the Federal Trade Commission announced f... Read More

EU Council to make ePrivacy pitch to Parliament

(Jan 16, 2020) The European Parliament Committee on Civil Liberties, Justice and Home Affairs has announced the Croatian Presidency of the Council of the European Union is slated to give an hourlong ePrivacy presentation during the committee's Jan. 21 meeting. Croatian State Secretary Josip Bilaver will lead the discussion on "respect for private life and the protection of personal data in electronic communications." The meeting will also feature a discussion on cross-border access to e-evidence between the EU... Read More

Report: UK, US to potentially increase personal data sharing

(Jan 15, 2020) Infosecurity Magazine reports leaked trade documents indicate the U.S. and U.K. may explore different mechanisms for increasing their cross-border data transfers. The "Data: UK’s overarching data protection regime, and Free Flow of Data" document reveals the U.K. may seek to avoid adequacy mechanisms, like the current EU-U.S. Privacy Shield, under the notion that adequacy is "a flawed system." The U.K. also indicates in the document it may turn to the APEC Cross-Border Privacy Rules certificatio... Read More

FTC finalizes Privacy Shield falsification case

(Jan 10, 2020) The U.S. Federal Trade Commission announced it finalized its settlement with California-based Medable over false claims of EU-U.S. Privacy Shield participation. The FTC voted 5-0 on the settlement's approval. As part of its deal with the FTC, the technology company cannot misrepresent its participation in the Privacy Shield framework or other privacy or data protection programs put forth by the government, self-regulatory groups or standard-setting organizations.Full Story... Read More

European parliament considers whether California could be 'adequate'

(Jan 9, 2020) Could California have its own Privacy Shield arrangement separate from the rest of the U.S.? That was the most exciting question that emerged from a discussion about the data-transfer agreement’s third annual review at the European Parliament Thursday. Members of the Parliament’s Committee on Civil Liberties, Justice and Home Affairs discussed in depth the European Commission’s report, issued Oct. 21, with representatives of the European Commission and European Data Protection Board. The respons... Read More

EU Parliament debates: Could California be considered 'adequate' on its own?

(Jan 9, 2020) Could California have its own Privacy Shield arrangement separate from the rest of the U.S.? That was the most exciting question that emerged from a discussion about the data-transfer agreement’s third annual review at the European Parliament Thursday. Members of the Parliament’s Committee on Civil Liberties, Justice and Home Affairs discussed in depth the European Commission’s report, issued Oct. 21, with representatives of the European Commission and European Data Protection Board. Referring... Read More

'Schrems 2.0': 5 business impacts from the advocate general’s opinion

(Jan 9, 2020) On Dec. 19, the Court of Justice of the European Union's advocate general issued his 97-page opinion in the so-called "Schrems 2.0" case concerning the validity of two key data transfer mechanisms: standard contractual clauses and the EU-U.S. Privacy Shield framework — mechanisms widely used by businesses within the European Economic Area to legitimize the transfer of personal data to countries outside the EEA. It is now up to the judges of the CJEU to assess his opinion and come to a decision, ... Read More

Interactive 'GDPR Genius' tool available in IAPP Resource Center

(Jan 3, 2020) Organizations are still grappling with the EU General Data Protection Regulation and all its corresponding guidance and documentation. Keeping track of it all is no small task. That's why the IAPP has compiled the "GDPR Genius," an interactive tool that provides IAPP members with access to critical GDPR-related resources, including relevant recitals, European Data Protection Board guidance, member state guidance and derogations, relevant court cases, regulatory enforcement, and other resources a... Read More

Norway's DPA finds Danish data-processing agreement can be used in country

(Jan 3, 2020) The Norwegian data protection authority, Datatilsynet, announced the standard data-processing agreement adopted by Denmark's DPA can also be used within Norway. The Danish DPA submitted the agreement to the European Data Protection Board. Since it was approved by the EDPB, the Norwegian DPA declared organizations within the country can adopt it, as well. Norway's DPA states it is not optional to adopt the Danish agreement; however, it must have an agreement in place that complies with the countr... Read More