Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Stakeholders Aim To Craft Smart Grid Privacy Code of Conduct (February 27, 2013)
The Federal Smart Grid Task Force, led by the U.S. Department of Energy, recently held its first stakeholder meeting on a voluntary code of conduct (VCC) for energy utilities and third parties. The voluntary code would indicate to consumers a company’s commitment to data protection and privacy when it comes to the smart grid.
The 2013 Privacy Forecast (February 1, 2013)
2013 promises to be a landmark year as it relates to the privacy and security of consumer information. Specifically, we will see increased complexity of breaches and elevated enforcement action but no meaningful federal privacy legislation. New technologies and business models will alter the risk posture for consumers as businesses seek to maximize big data revenue potential.
“Right To Be Forgotten” Versus Freedom of Speech: Search Engines in Turmoil (February 1, 2013)
What is the legal status of search engines, which are indispensable tools for searching for information on the Internet? This is one of the complex questions that the Court of Justice of the European Union (CJEU) will have to answer in 2013.
Kick-Starting a Privacy Program (February 1, 2013)
It is not enough for a business to create a privacy policy and place it on its website; a business must define policies and practices, verify that their employees are following the practices and complying with policies, and confirm that third-party service providers are adequately protecting any shared information as well. As customer demands and regulatory requirements change, the business’ privacy practices and policies must be reviewed and revised to meet this changing business environment.
TV-Monitoring Patent Prompts Privacy Worries (February 1, 2013)
Could a television soon monitor your every move and conversation? FierceCable recently reported on one patent application for using infrared cameras and microphones to analyze the conversations and body language of anyone located near a television. The patent application, "Methods and Systems for Presenting an Advertisement Associated with an Ambient Action of a User," which was subsequently denied, came to light after being automatically published—as all applications are, 18 months after being filed—by the U.S. Patent & Trademark Office.
Researchers Publish Study of Indian Privacy Perceptions (February 1, 2013)
In an effort to better understand privacy perceptions in India, two researchers have conducted the largest-ever survey on the topic. Prof. Ponnurangam PK (PK) and Niharika Sachdeva have published “Privacy in India: Attitudes and Awareness V 2.0,” which follows a smaller version of the study, published in 2005. The survey found that 76.63 percent of Indians surveyed felt that “consumers have lost control over how personal information about them is circulated and used by companies.” In 2004, only seven percent of consumers mistrusted businesses. India is “on a path” toward becoming privacy-aware and concerned, the authors state.
The SEC’s Cybersecurity Guidelines: A Potential Game-Changer for How Companies Disclose Risks of Cybersecurity Breaches (February 1, 2013)
A cybersecurity breach can create huge costs for a corporation by damaging the company’s reputation and consumer loyalty while also creating the risk of class-action litigation. The Securities and Exchange Commission (SEC) has recognized the risks that publicly traded companies face in dealing with cybersecurity incidents. In October 2011, the SEC promulgated guidelines that publicly traded companies should evaluate when determining what information should be disclosed concerning a cybersecurity incident or potential incident. These advisory guidelines provide a new paradigm for evaluating how cybersecurity risks should be disclosed by publicly traded companies.
The Assets and Drawbacks of the Proposal for an EU Regulation on the Protection of Personal Data (February 1, 2013)
On 25 January 2012, the European Commission publicised its proposal for an EU regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This proposal for a regulation sets out a new regulatory framework with regard to data protection within the European Union.
CANADA—Revised Proposed Electronic Commerce Protection Regulations Issued by the Department of Industry (February 1, 2013)
On January 5, the federal Department of Industry published a second set of proposed regulations in the Canada Gazette. Readers may recall that after Canada’s Anti-Spam legislation (CASL) received Royal Assent on December 15, 2010, the department issued its proposed regulations on July 9, 2011. Stakeholders were invited to provide feedback on the proposed regulations by September 7, 2011.
FRANCE—A Tax on Personal Data? (February 1, 2013)
The French government has launched this summer a reflexion on taxation of the digital economy. The report of the Colin & Collin mission is soon due. Personal data is likely to be considered as a triggering taxation factor because of their economic value, and rumours are growing.
ITALY—Garante Seeks International Cooperation on Recent Initiatives (February 1, 2013)
The Italian data protection authority (Garante) has established three resolutions in the field of international data processing and transfer.
POLAND—Functions of Polish Data Protection Officer To Be Reformed (February 1, 2013)
In order to become more entrepreneur-friendly, the Polish government has initiated changes to reduce the administrative burdens in conducting business which also intend to amend Polish Data Protection Act of August 29, 1997. Alongside, the Association of Information Security Administrators together with the participation of the Polish Data Protection Authority holds a number of seminars relating to the planned transition of functions of the data protection officer, known in Poland as the information security administrator (DPO).
HHS Issues Final HIPAA Omnibus Rule (February 1, 2013)
The U.S. Department of Health and Human Services (HHS) has prepublished its highly anticipated modifications to the HIPAA Privacy and Security rules. HHS Secretary Kathleen Sebelius said, “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”
Albrecht Report Released; Industry, EDPS Respond (February 1, 2013)
MEP Jan Philipp Albrecht has released a draft report on the European Commission’s proposed update to the 1995 Data Protection Directive supporting a robust framework and recommending more stringent measures, inciting mixed reactions from government and industry.
Online Social Media Conference Calls for Papers (February 1, 2013)
The Second International Workshop on Privacy and Security in Online Social Media is calling for papers. The workshop, to be held in Rio, Brazil, on May 14 and chaired by Prof. Ponnurangam Kumaraguru and Prof. Virgilo Almeida, aims to create a platform to “discuss latest and upcoming issues, trends and cutting-edge research approaching in security and privacy in online social media and complex networked systems,” as well as to bring together researchers working on such topics to find overlaps.
Hunton & Williams Maintains Top-Tier Band 1 Ranking (February 1, 2013)
Hunton & Williams has announced it has maintained its top-tier “Band 1” ranking in Data Protection in Chambers UK’s 2013 edition.