While much happened this week in privacy news; the NSA’s surveillance was deemed likely unconstitutional, consent was declared dead, the data broker industry was put on notice by a U.S. senator and the EDPS released its 2014 inventory, the news that hit home for us was that Peter Fleischer and two other Google executives were acquitted in Italy’s Supreme Court after an eight-year battle over whether they were legally responsible for content that users uploaded to Italy’s version of YouTube. Back in the day, the implications of this case were a little scary for privacy pros around the globe, and it seems now it’s finally over. Take a look at this and all the week’s developments in privacy law in this Privacy Tracker weekly roundup.
On December 16, the District Court in the District of Columbia issued an opinion finding that the NSA program that has gotten significant attention due to the revelations of Edward Snowden was likely unconstitutional. In Klayman v. Obama, five plaintiffs sued a variety of government officials as well as private companies and sought preliminary injunctive relief based upon the assertion that the NSA program was unconstitutional and violated other statutes. In what ended up making big news, the court concluded there was a substantial likelihood the plaintiffs would prevail on their Fourth Amendment claims and issued an injunction. In this article, Andrew Serwin unpacks the court’s decision.
Last year, U.S. Senate Commerce Committee Chairman Jay Rockefeller asked the Government Accountability Office (GAO) to investigate privacy issues pertaining to companies that collect, aggregate and sell personal information about consumers. In late November, the GAO publicly released the resulting report, “Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.” What did the GAO examine, and, in the short term, how might Congress respond to the GAO’s findings and, when they are published, Senator Rockefeller’s own scheduled report?
France is receiving criticism for a new law expanding government agencies’ access to Internet data; a European Court of Justice advocate has deemed the data retention directive in violation of citizens’ fundamental privacy rights, and in the U.S., a petition to update the Electronic Communications Privacy Act has received more than 100,000 signatures. This week, Privacy Tracker reports on these developments as well as new administrative measures for Chinese credit reference agencies, U.S. states’ challenges to NSA surveillance and new fining powers for the Dutch data protection authority.
The Genetic Information Non-Discrimination Act of 2008 (GINA) regulates employers’ collection, use, safeguarding and disclosure of “genetic information,” making it a privacy statute—and one with which it is becoming increasingly difficult to comply, writes Philip Gordon. Social media posts celebrating a family member’s cancer remission or a son’s trip to the ER for asthma contain “genetic information” in the eyes of GINA, Gordon writes, adding, “Recent (Equal Employment Opportunity Commission) enforcement actions and private class-action filings as well as the increasing prevalence of personal social media in the workplace highlight the need for organizations to address, or revisit, their compliance with GINA.” Find out more about the EEOC’s implementing regulations and how to mitigate risk in your organization.
This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.