A proposed ballot measure that would require businesses to provide annual disclosures to consumers on the collection or sale of personal information has been filed with the California Attorney General. If 365,880 signatures are obtained, it may appear on the November 2018 ballot.
The initiative is based on California’s “Shine the Light Law” which sets forth the procedures companies must follow in disclosing, upon request of a consumer, what information has been shared with third parties. The law also contains specific language to be included in online privacy policies.
Continue reading “Application for Proposed Ballot Measure: California Consumer Privacy Act of 2018”
Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.
Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services. Continue reading “U.S. Government Restricts the Use of Kaspersky Cybersecurity Software”
Providing data subjects with meaningful information regarding the processing of their personal data and their rights with respect to such processing is an axiom of privacy law—and a key requirement under the General Data Protection Regulation (GDPR).
The significance of this principle of transparency was recently highlighted by the European Court of Human Rights (ECHR) in Bărbulescu v. Romania where the court affirmed an employee’s right to privacy when using communications tools in the workplace due, in part, to the employer’s failure to provide adequate notice regarding its internet monitoring activities. This post briefly discusses the principle of transparency under GDPR and its application to the Bărbulescu case.
Continue reading “GDPR and ECHR Make One Thing Abundantly Transparent: The Significance of Transparency”
The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it. News reports indicate that federal agencies, including the FTC, and a number of state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.
Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.
Continue reading “Equifax Breach: Good Data Security Practices Matter”
It’s not news that various branches of the federal government have been studying a range of privacy and consumer safety issues that arise with ever more connected vehicles. What is new is the Government Accounting Office (GAO)’s report to the House Subcommittee on Research and Technology, Committee on Science, Space and Technology about how current passenger vehicle manufacturers address the many privacy issues that arise with connected vehicle use.
GAO interviewed industry associations and organizations that work on privacy issues and also interviewed 16 automakers that were selected based on their U.S. passenger vehicle sales. GAO reviewed the written privacy policies of the automakers against a set of leading privacy practices and issued a report, Vehicle Data Privacy: Industry and Federal Efforts Under Way but NHTSA Needs to Define its Role, on August 28, 2017.
Continue reading “GAO Report on Connected Vehicles Calls for NHTSA to Define and Document its Role in Vehicle Data Privacy”
Three U.S. companies have entered into consent agreements with the Federal Trade Commission (FTC) for allegedly misrepresenting their participation in the European Union-United States Privacy Shield framework. These are the FTC’s first actions to enforce the EU-US Privacy Shield framework that was put in place in 2016 to replace the US-EU Safe Harbor framework.
Continue reading “The FTC’s First Privacy Shield Enforcement Actions”