Spoiler Alert: Illinois May No Longer Require Two-Party Consent, but California Still Does

By Tanya Forsheit, CIPP/US

It’s a good thing producers of The Good Wife aired their episode “A Few Words” when they did, or one of the best lines—for privacy litigators, at least—would’ve been moot. In this Privacy Tracker post, InfoLawGroup’s Tanya Forsheit , CIPP/US, breaks down the People v. Clark decision deeming Illinois’ two-party consent law unconstitutional and why most other two-party state laws won’t be affected—most notably California’s. “California’s two-party consent law does not suffer from the defect that doomed Illinois’s two-party consent law in Clark,” writes Forsheit, noting, however, “it remains to be seen, in California and elsewhere, what happens in close cases where it is far less clear whether all the parties have a reasonable expectation of privacy in the conversation.”

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Global News Roundup

While the retail and drone industries are wary of some state laws getting traction in the U.S., a software industry executive in Africa is touting the need for a continent-wide privacy law to drive cloud adoption. In this Privacy Tracker weekly legislative roundup, read about concerns surrounding the Pakistani proposed cybercrime law, EU member states’ reactions to the EU Court of Justice’s decision on the Data Protection Directive and which sections of South Africa’s POPI are now in effect.

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Cloud Computing: The Case for Logical Control over Physical Control

By Kuan Hon

“With cloud computing, many fear losing control. True, supply chains may be complex … However, users can retain control in cloud computing—depending,” writes cloud computing expert Kuan Hon in this Privacy Tracker post. Using examples of the evolution of the EU Data Protection Directive and cases from the EU Court of Justice and the Danish Data Protection Agency, Hon outlines reasons the data export restriction and the “transfer to a third country” provisions are antiquated in today’s technological environment. “Nowadays, physically confining data to the EEA does not equate to or guarantee data protection. Yet vast amounts of time and resources are poured into compliance with the restriction, which could be better spent on improving information security,” Hon writes.

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Canadian Cyberbullying and Lawful Access Legislation Revived

By Timothy M. Banks

In this Privacy Tracker post, Timothy Banks of Dentons Canada looks at the government’s proposed Bill C-13, which attempts to grant law enforcement enhanced surveillance powers. “The proposed legislation has been promoted by the government as ‘anti-cyberbullying’ legislation; however, the new offence of unlawful distribution of intimate images is a small component of a suite of provisions intended to expand law enforcement tools to investigate online crime.” Noting that previous attempts at increasing surveillance powers have met criticism from federal and provincial privacy commissioners, Banks writes that this bill “is much more respectful of privacy rights than previous attempts by Canada’s Harper government. However, the recent attempt to stifle debate in the House of Commons certainly could be interpreted as the government remaining uncomfortable with scrutiny of these provisions.”

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Global News Roundup

In the U.S., Kentucky has become the 47th state to pass a breach notification bill and Wisconsin has passed a social media law and expanded the collection of DNA from arrested individuals. The U.S. House passed bipartisan legislation aiming to protect information held in vehicle event data recorders; the Canadian Senate is considering the Digital Privacy Act, offering new protection for consumers and increased powers for the federal privacy commissioner, and the Court of Justice of the EU invalidated the EU Data Retention Directive. In this week’s Privacy Tracker legislative roundup, read more about all these developments and also what the FTC v. Wyndham decision may, or may not, mean for the future of U.S. privacy regulation.

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Global News Roundup

The Dutch Parliament has approved the use of drones for video surveillance, giving mayors the right to determine when the use is appropriate; meanwhile, in the U.S., Washington state’s governor vetoed a drone bill there, saying it doesn’t go far enough to protect privacy. This week’s Privacy Tracker legislative roundup offers information on Idaho’s new DNA privacy law, Utah’s new mobile device privacy law and clarification on TCPA issued by the Federal Communications Commission. Also learn about the one-million Euro fine Google will pay to Italian regulators and a suit in Canada seeking class-action status that claims the Communications Security Establishment Canada “has been violating the constitutional rights of millions of Canadians.”

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.
IAPP Westin Research Center

The Australian Privacy Principles: What They Mean for the Rest of the World

By Dennis Holmes, IAPP Westin Research Fellow

While many organizations within Australia work to implement the newly enacted Australian Privacy Principles (APPs), organizations outside the country may wonder in what way the new law affects their business practices. In this Privacy Tracker post, IAPP Westin Fellow Dennis Holmes outlines aspects of the APPs that non-Australian businesses, particularly service providers, may want to pay attention to, including the privacy commissioner’s interpretation of “carrying on business” that “departs from the traditional notion of that standard in Australian law.” Holmes notes that the newness of the APPs makes it unclear how they will be applied, but “companies must understand whether they are subject to liability under the new rules and take meaningful steps toward full compliance if so.”

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Is Drone Privacy Ready for Take Off?

By The Hogan Lovells Privacy Team

The expected uptick in public and private use of unmanned aerial systems (UAS) in the U.S. has brought on a requisite increase in legislation in this area—both passed and proposed. “In 2013, 13 states passed laws governing UAS operations, and three states—Idaho, Oregon and Texas—enacted laws that specifically address UAS use by private entities,” write Hogan Lovells’ Partner Harriet Pearson, CIPP/US, and Associate Jared Bomberg in this Privacy Tracker post, leaving UAS operators with “a patchwork of state laws impacting their operations.” The authors outline scenarios for the future of drone regulation in the U.S., taking into account current applicable privacy laws, Sen. Ed Markey’s (D-MA) proposal and the possibility for self-regulation.

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Global News Roundup

Privacy laws are being considered in nations across the globe, and this week’s Privacy Tracker legislative roundup has updates on many of them. Brazil’s Chamber of Deputies has passed the Internet bill of rights—without its controversial local data storage provision; India has exempted government intelligence agencies from its draft law; Australia’s Senate is looking at a mandatory breach notification bill, and in Ireland, a bill intending to give adopted children identity rights is raising questions over parental privacy rights. In the U.S., Sen. Al Franken (D-MN) has proposed an updated version of his location privacy bill, and states continue to discuss issues surrounding student privacy and breach notification, among others.

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.

Gmail Wiretapping Litigation, Class-Action Denied

By Mark Melodia and Paul Bond and Frederick Lah, CIPP/US

The Northern District of California denied a motion for class certification in a suit over Google’s alleged practice of scanning Gmail messages in order to serve content-based advertising. This Privacy Tracker exclusive discusses how Gmail’s Terms of Service and Privacy Policy, which the court previously called “vague at best and misleading at worst,” and “a ‘panoply of sources’ where users could have impliedly consented to Google’s practices” helped the court make its decision. “Putting aside the question of whether Google’s Terms were in fact vague or misleading, a key takeaway for businesses from this case should be the importance of educating customers about their data practices,” the authors write. (IAPP member login required.)

You may need to be an IAPP member and be logged in to read the full article.
Log in now or click here to learn more about IAPP membership.