Privacy News | Daily Dashboard

Breaking news. In-depth articles. Global coverage.

Save time searching the headlines for privacy news in the media. Get the latest breaking privacy and data protection news from around the globe all in one place—The Daily Dashboard. Our FREE daily e-newsletter summarizes the day’s top privacy stories with links to the full articles—sent directly to your desktop each weekday!

Subscribe now!

Top Privacy News

PRIVACY LAW—EU

Article 29 WP on Safe Harbor, Anonymisation, Data Controllers

April 18, 2014

“If the revision process currently undertaken by the European Commission does not lead to a positive outcome, then the Safe Harbor agreement should be suspended.” That was the message in a letter to Vice President and Commissioner for Justice Viviane Reding from Article 29 Working Party (WP) Chair Isabelle Falque-Pierrotin. The improvements made to modify Safe Harbor must be “valuable to the European Commission,” the letter states. Meanwhile, the WP has also issued an opinion on “making data processing legitimate.” The opinion states, “Beyond guidance on the practical interpretation and application of Article 7(f) under the current legal framework, it aims at formulating policy recommendations to assist policy makers as they consider changes to the current data protection legal framework.” A second WP opinion “analyses the effectiveness and limits of existing anonymisation techniques against the EU legal background of data protection and provides recommendations to handle these techniques by taking account of the residual risk of identification inherent in each of them.”
Full Story

PRIVACY

Cavoukian Warns Against Privacy Paternalism

April 18, 2014

In response to a Huffington Post column by Microsoft’s Scott Charney on “The Evolving Pursuit of Privacy,” Ontario Information and Privacy Commissioner Ann Cavoukian writes that Charney’s views “reflect a paternalistic approach to data protection that, if implemented, will weaken rather than strengthen privacy in the 21st century.” In this post for Privacy Perspectives, Cavoukian presents her case for avoiding a “zero-sum perspective” and, while agreeing “that greater accountability for the uses of personal data is critical,” she notes, “It is individuals, not regulators, who are best positioned to hold data processors accountable in a way that no law, regulation or oversight authority could ever do.” Editor’s Note: Members of industry and data protection authorities will debate some of these same topics at the IAPP Europe Data Protection Intensive, April 29-May 1, in London, UK.
Full Story

DATA LOSS—U.S.

Michaels, Medical Center Confirm Breaches

April 18, 2014

Michaels Stores has confirmed earlier reports of a security breach at certain payment card systems in its U.S. stores and its Aaron Brothers unit. In January, the company said it was working with federal law enforcement officials to investigate the potential incident. The Michaels breach, which occurred between May 8, 2013, and January 27 of this year, may have affected about 2.6 million cards, while the Aaron Brothers breach affected about 400,000 cards, Chicago Tribune reports. Meanwhile, the University of Pittsburgh Medical Center (UPMC) says the personal information of up to 27,000 of its employees may have been breached. At first, UPMC had estimated only a few dozen had been affected.
Full Story

PRIVACY—U.S.

General Mills Says Privacy Policy Changes Are Being Mischaracterized

April 18, 2014

On its blog, General Mills explains changes to its online privacy policy and legal terms, which it says are being “pretty broadly mischaracterized.” The changes are simply a policy update and an update of legal terms because the company wants people “to know and understand our approach.” The New York Times reported originally that the company implemented changes that “forfeit online followers’ rights to sue.”  But General Mills said, “No one is precluded from suing us by purchasing our products … that is just a mischaracterization.” The company also allows users to opt out, it notes.
Full Story

SOCIAL NETWORKING—U.S.

Facebook Unveils Location Feature, Goes on Offense in DC

April 18, 2014

Facebook has announced a new find-a-friend feature, Nearby Friends, which allows users to see which opted-in friends are in their area, as Politico reports on the company’s new strategy in Washington, DC. Before announcing the feature publicly, Facebook representatives went to Capitol Hill to speak with privacy hawks including Sen. Al Franken (D-MN) and Reps. Marsha Blackburn (R-TN) and Joe Barton (R-TX). A Facebook spokeswoman said, “We want people to understand how our service works and what we’re doing to protect the people who use Facebook, so we meet regularly—as we did in this case—with policy-makers, regulators and other interested parties to keep them updated.” The Center for Democracy & Technology’s Justin Brookman said, “They’ve done a pretty good job of saying, ‘Here are some things we’re thinking about,’ and actually taking feedback, too.”
Full Story

PRIVACY

The Role of Privacy Seals and Certifications

April 18, 2014

The IAPP will host a free web conference on “The Role of Privacy Seals and Certifications in Building Trust and Global Interoperability” that aims to examine the growing legal requirements for privacy seals and certifications around the world. Panelists Chris Babel, CEO of TRUSTe, and Bojana Bellamy, CIPP/E, president of the Centre for Information Policy & Leadership at Hunton & Williams, will discuss the benefits of using privacy seals and certifications, the costs and processes involved and the potential relationship between seals and certifications and global data transfers. Tune in Thursday, May 8, at 1 p.m. EDT.
Full Story

PRIVACY—U.S.

Georgetown, Carnegie Mellon To Hold Events on Big Data, Notice and Choice

April 18, 2014

On April 22, experts from the public- and private-sectors will join public policy experts from the Georgetown University McCourt School of Public Policy and privacy law experts from Georgetown Law to look at “Privacy Principles in the Era of Massive Data.” The event, to be held in Georgetown Law Center’s Hart Auditorium, will be keynoted by the Federal Trade Commission’s Maureen Ohlhausen. Meanwhile, Carnegie Mellon University will hold a workshop on the “Future of Privacy Notice and Choice” on June 27. The workshop, co-chaired by Lorrie Cranor and Norman Sadeh, will be open to the public. And the FTC is launching a summer fellowship program on technology and data governance.
Full Story

HEALTHCARE PRIVACY—U.S.

Greene: New HIPAA Audits Will Allow Less Room for Explanations

April 18, 2014

FierceHealthIT reports on Davis Wright Tremaine’s Adam Greene’s recent interview with HealthcareInfoSecurity and his advice for healthcare organizations facing Health Insurance Portability and Accountability Act (HIPAA) audits this fall that are expected to be “more narrow in focus.” Greene says the process is going to be a “bit tougher” coming forward for organizations that don’t employ meticulous documentation. “If you’re a well-organized organization, I think these desk audits will make things significantly easier,” Greene said, adding the Office for Civil Rights “has indicated they are not going to do follow-up questions … so you want your policies and procedures to tell a good story of your compliance.” Editor’s Note: The IAPP Resource Center’s Close-Up: HIPAA offers additional tools and research related to this topic.
Full Story

PRIVACY ENGINEERING—U.S.

NIST Seeks Answers To Engineering Privacy

April 17, 2014

Last week, the National Institute of Standards and Technology (NIST) held a two-day workshop with public- and private-sector experts to explore the concept of privacy engineering. Three trends that recurred throughout the workshop, according to Jenner & Block’s Mary Ellen Callahan, CIPP/US, and Esteban Morin, included the lack of privacy technical standards, the role engineers can play in protecting privacy and the role NIST should play moving forward. In this installment of Privacy Perspectives, Morin and Callahan, who was also a workshop panelist, discuss these trends and why they think the workshop was a success.
Full Story

CLOUD COMPUTING

Why Attempts To Physically Control Data Make No Sense

April 17, 2014

“With cloud computing, many fear losing control. True, supply chains may be complex … However, users can retain control in cloud computing—depending,” writes cloud computing expert Kuan Hon in this Privacy Tracker post. Using examples of the evolution of the EU Data Protection Directive and cases from the EU Court of Justice and the Danish Data Protection Agency, Hon outlines reasons the data export restriction and the “transfer to a third country” provisions are antiquated in today’s technological environment. “Nowadays, physically confining data to the EEA does not equate to or guarantee data protection. Yet vast amounts of time and resources are poured into compliance with the restriction, which could be better spent on improving information security,” Hon writes. (IAPP member login required.) Editor's Note: The IAPP and TRUSTe will present a free web conference, The Role of Privacy Seals and Certifications in Building Trust and Global Interoperability, on May 8.
Full Story

GEOLOCATION—U.S.

Marketers Thrilled with iPhone Update Allowing Persistent Tracking

April 17, 2014

Following Apple’s update to the iPhone operating system, marketing apps can now keep tabs on users’ of Bluetooth-based iBeacon app even if the app is closed, and marketers are thrilled with the change, NPR reports. “It was the announcement everybody was waiting for,” said industry insider Doug Thompson. But Seattle-based technologist and writer Garrett Cobarr said, “As a privacy researcher, I always get nervous when marketers are celebratory about something.” Cobarr said users would assume an app wasn’t tracking them if they had turned it off, and the fact their location is now still being tracked would “surprise most people and perhaps unnerve them.”
Full Story

ONLINE PRIVACY—U.S.

ECPA Reform Stalled; Courts Avoid Tech Questions

April 17, 2014

A federal appeals court has affirmed an earlier court ruling holding Lavabit founder Ladar Levison in contempt for refusing to turn over the master encryption keys to Lavabit’s 400,000 users, and at the same time, Ars Technica reports, reforms to the Electronic Communications Privacy Act (ECPA) have stalled in Congress. The Center for Democracy & Technology’s Jim Dempsey said, “It has become clear to us in the course of a year and a half, we’re not going to see comprehensive ECPA reform at this time.” Kashmir Hill reports on the Levison and Andrew “weev” Auernheimer court cases and how, in each case, the important technological questions of Internet security were not decided because of court technicalities. Meanwhile, German-based startup Lavaboom is unveiling a new e-mail encryption service inspired by Lavabit.
Full Story