PL&B International Issue
Total Page:16
File Type:pdf, Size:1020Kb
Issue 132 December 2014 Ten ways the US election may NEWS 2 - Comment affect privacy law in 2015 Watch this space for US and EU privacy When Republicans take over the US Senate in January, the legislation priorities of committees overseeing privacy and data security 4 - HP dual BCR and CBPR certification issues will change significantly. By Jeff Kosseff . 5 - EU DP draft Regulation: The final n January, Republicans will con - in committee and on the Senate floor. round in 2015? trol both houses of Congress. Below are ten of the key privacy 7-EU contractual clauses to become But we shouldn’t expect an and data security trends to watch in easier to use • Central/East European Iimmediate sea-change in privacy the next Congress. guide on employee data laws. Although Republicans will 17 - CNIL reorganises and issues insurance industry compliance pack have a majority of votes in the Senate `e^kdb fk qlkb lc pbk^qb next year, they will be short of the 60 `ljjbo`b `ljjfqqbb \= 22 - China scrutinises Apple devices for votes necessary to bring a bill to the Retiring Senate Commerce Commit - security flaws floor. Privacy issues generally tend tee Chairman, Jay Rockefeller, 27 - ECJ to rule if IP addresses are not to break neatly along party lines Democrat-West Virginia, has been personal data • DPAs demand transparency from app developers and there will remain bipartisan sup - among the most active senators on port – and bipartisan opposition – to privacy and data security issues. ANALYSIS most initiatives. With a Democrat in Rockefeller has called for regulation 1 - Ten ways the US election may affect the White House, bipartisan support of data brokers, and he is a vocal privacy law in 2015 will be essential for any privacy legis - critic of companies’ privacy and data 13 - Privacy self-regulation in crisis? lation to pass. That said, the Republi - security practices. He is expected to TRUSTe’s ‘deceptive’ practices cans will control the agenda and 19 - African regional privacy instruments: whether legislation can receive a vote Continued on p.3 Harmonising effects LEGISLATION & REGULATION 10 - Book Review: Asian Data Privacy Search and access back issues by Laws: Trade and Human Rights key words on PL&B's website Perspectives Subscribers can now conduct detailed research on data protection and privacy 18 - New telecoms law has a serious issues on the Privacy Laws & Business website and access: impact on privacy in Mexico • Back Issues since 1987 23 - The ECJ invalidates the EU Data • Special Reports Retention Directive: Now what? • Materials from PL&B events • Videos and audio recordings MANAGEMENT • Search functionality giving you the most relevant content when you need it. 8 - How do global businesses know when EU DP Law applies? Further information at www.privacylaws.com/subscription_info To check your type of subscription, contact [email protected] or 11 - Boeing fits privacy into a telephone +44 (0)20 8868 9200. governance and ethics framework 22 - Apple integrates privacy functions COMMENT ISSUE NO 132 DECEMBER 2014 PUBLISHER Stewart H Dresner Watch this space for US and [email protected] EDITOR EU privacy legislation Laura Linkomies In the US, there are several privacy Bills in the Congress (p.1) . The [email protected] Do Not Track initiative may not be successful. But the Federal ASIA-PACIFIC EDITOR Communications Commission’s (FCC) ability to regulate privacy Professor Graham Greenleaf and data security may be an issue as Congress debates new legisla - [email protected] tion for the agency. This is one to watch, as in October the FCC imposed a $10 million fine against two telecoms companies, SUB EDITOR extending its reach into data security regulation for the first time. Tom Cooper REPORT SUBSCRIPTIONS On the EU front, additional steps have been taken towards adop - Glenn Daif-Burns tion of the draft Data Protection Regulation. One of the unre - [email protected] solved questions is the One Stop Shop. The UK opposed the cur - CONTRIBUTORS rent Council proposals, which would allow each DPA concerned to defend its views, as it says the system would not work without a Jeff Kosseff Covington & Burling LLP, US Lead Authority. Germany is concerned that this would indeed lead to ‘forum shopping’ in relation to where companies choose to base Charles D. Raab their main operations in the EU ( p.5 ). University of Edinburgh, Scotland Victoria Hordern It is important to get this right as we have seen some disasters in Hogan Lovells, UK the past – the Cookie Directive is not exactly an easy-to-under - Chris Connolly stand piece of legislation, and the annulment of the Data Retention Galexia, Australia Directive shows that the legislator does not always understand pri - Nigel Waters vacy, or that too many compromises are being made to satisfy all Pacific Privacy Consulting, Australia players. Read a detailed analysis on the aftermath of the Data Mauricio Hernández Retention Directive on p.23 . Bufete Soni, Mexico Marie Georges Africa has seen many new DP laws adopted in the last ten years and Planète informatique et libertés, France several Bills are being considered. Africa is likely to have more har - Xavier Tracol monised DP practices in different sectors in the coming years ( p.19 ). Eurojust, Netherlands Merrill Dresner Privacy by Design should nowadays be more than just a theoreti - PL&B Correspondent cal concept. However, while steps have been taken in some PUBLISHED BY respects ( p.22 ), DPAs have found that app providers are still not Privacy Laws & Business, 2nd Floor, transparent enough. They recently wrote to operators of app mar - Monument House, 215 Marsh Road, Pinner, ketplaces, including Google Play and the Apple App Store, to urge Middlesex HA5 5NE, United Kingdom that they make it mandatory for mobile app developers to post Tel: +44 (0)20 8868 9200 Fax: +44 (0)20 8868 5215 links to privacy policies prior to download if they are going to col - Email: [email protected] lect personal information ( p.27 ). Website: www.privacylaws.com Subscriptions: The Privacy Laws & Business International All back issues of PL&B International and PL&B UK are now on Report is produced six times a year and is available on an annual subscription basis only. Subscription details are at the our website. To access the back copies, either carry out a keyword back of this report. search or browse through the archives – International : Whilst every care is taken to provide accurate information, the www.privacylaws.com/int#4 UK : www.privacylaws.com/uk#4 publishers cannot accept liability for errors or omissions or for any advice given. Laura Linkomies, Editor Design by ProCreative +44 (0)845 3003753 Printed by Rapidity Communications Ltd +44 (0)20 7689 8686 PRIVACy LAWS & BUSINESS ISSN 2046-844X Copyright: No part of this publication in whole or in part may be reproduced or transmitted in any form without the prior Contribute to PL&B reports written permission of the publisher. Do you have a case study or opinion you wish us to publish? Contri butions to this publication and books for review are always welcome. If you wish to offer reports or news items, © 2014 Privacy Laws & Business please contact Laura Linkomies on Tel: +44 (0)20 8868 9200 or email [email protected] . O=========ab`bj_bo=OMNQ PRIVACY LAWS & BUSINESS INTERNATIONAL REPORT © 2014 PRIVACY LAWS & BUSINESS ANALYSIS US changes... from p.1 did not properly secure their data. And Republican Senator, Dean Heller, of in October, the FCC joined the Global Nebraska, has noted that online adver - Privacy Enforcement Network, an tising “provides many jobs and gener - be replaced by South Dakota’s John international association of privacy ates multiple billions of dollars in eco - Thune, a moderate Republican whose regulators that collaborates on cross- nomic activity.” track record on privacy issues is not as border enforcement actions. Before Minimization of a key privacy extensive as that of Rockefeller. Simi - October, the FTC was the only US watchdog? Because Senate Judiciary larly, the likely new top Democrat on member of the network. Travis Committee member, Al Franken, the committee, Bill Nelson of Florida, LeBlanc, chief of the FCC’s Enforce - Democrat – Minnesota, quickly has not been as vocal about privacy ment Bureau, said that if the FCC is to emerged as a leading advocate on con - issues as Rockefeller. Among the Sen - “detect, disrupts, and dismantle these sumer privacy issues after his election ate Commerce Committee members global privacy assaults, it is critical that in 2008, Judiciary Committee Chair - who have expressed the most interest we work closely with our international man, Patrick Leahy, created the Sub - in privacy issues are Richard Blumen - partners abroad, as well as our federal, committee on Privacy, Technology, and thal of Connecticut and Ed Markey of state, and local partners here at home.” the Law for Franken to chair. Franken Massachusetts, neither of whom has The Commerce Committee may ques - used the subcommittee to hold hear - the Senate seniority that Rockefeller tion why two agencies are regulating ings on a wide range of privacy issues, had. privacy issues, and whether it is neces - including facial recognition and geo- sary to have two cops on the beat. The location. Most recently, Franken asked obdri^qfkd qeb cq` Republican takeover of the Congress detailed questions of ride-sharing app The Federal Trade Commission in increases the chances of revisions to the Uber after one of its executives dis - recent years has increased its oversight Communications Act, which sets the cussed tracking journalists who have of companies’ data security practices. framework for the FCC’s ability to used its service. “The journalist’s per - The FTC does not have explicit statu - regulate communications companies.