IAPP Westin Research Center

(Dec 10, 2018) On Tuesday, the New York Attorney General’s office announced a $4.95 million settlement with Oath (formerly AOL) to settle violations of the Children’s Online Privacy Protection Act. The settlement represents the largest ever enforcement penalty for a COPPA violation from any enforcement agency. The company’s violations rise beyond the conduct underlying previous COPPA violations — which often involve a company utilizing third-party tracking software and inadvertently tracking children on a webs... Read More

(Jun 19, 2018) The data protection officer role is a new feature for many organizations now subject to the EU General Data Protection Regulation, which specifies the criteria for designating a DPO, describes the position, and enumerates its responsibilities. Critically, for many companies, designating a DPO is not optional. In any case, the Article 29 Working Party’s guidance makes it clear that, once chosen, both mandatorily and voluntarily designated DPOs have the same responsibilities. The Working Party (no... Read More

(Jun 11, 2018) In this report, we update our September 2014 study, “What FTC Enforcement Actions Teach Us About the Features of Reasonable Privacy and Data Security Practices,” originally written by IAPP Westin Fellow Patricia Bailin, CIPP/US, CIPM, CIPT, now head of privacy at Datavant. The initial study analyzed organizational failures on issues of privacy, security, software/product review, service providers, risk assessments, unauthorized access/disclosure, and employee training. Moreover, the study descri... Read More

(Apr 18, 2018) The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation. When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, tran... Read More

(Mar 15, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This final installment in the 10-part series addresses why and h... Read More

(Mar 14, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion 10-part series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. Although the GDPR accommodates modern business practices... Read More

(Mar 12, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation.  This eighth installment in the 10-part series explores how the ... Read More

(Mar 8, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This seventh installment in the 10-part series addresses data su... Read More

(Feb 28, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This sixth installment in the 10-part series explores the transp... Read More

(Feb 27, 2018) Today, the United States Supreme Court hears arguments in a case with major implications for the privacy profession. The dispute between Microsoft and the United States government has spanned several years and will determine whether the U.S. can compel Microsoft to turn over data stored on a server located outside of the United States via a warrant issued by a U.S. court under the Stored Communications Act. The case has attracted considerable international attention, eliciting the submission of... Read More