DBR ON DATA

Security, Privacy and Information Governance

Month: October 2017 (page 2 of 2)

FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology

Share

The Federal Trade Commission (FTC) and the U.S. Department of Education (ED) will co-host a live workshop on December 1, 2017 highlighting two intersecting regulatory regimes: the FTC’s rules implementing the Children’s Online Privacy Protection Act (COPPA), which applies to K-12 schools and to children under the age of 13, and the simultaneous application of the Family Education Rights and Privacy Act (FERPA), which also applies to schools and is administered by ED.

Continue reading

Legislative Spotlight: Self-Driving Cars Part 1

Share

The House of Representatives passed H.R. 3388, the “Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act” or the “SELF DRIVE Act” last month. The bill would remove regulatory barriers to develop self-driving or autonomous cars by giving the National Highway Traffic Safety Administration (NHSTA) authority to establish federal safety, design, and performance standards for automated cars, excluding commercial vehicles, such as trucks and buses. States would still be responsible for the vehicle registration, driver’s licensing, insurance, and safety and emissions inspections. The bill would also allow states to impose stricter performance requirements than those set by NHTSA.

We have outlined the privacy and cybersecurity provisions of this bill, as well as the NHTSA’s voluntary security standards for self-driving cars.

Continue reading

Connected Car Resolution adopted by the International Conference of Data Protection and Privacy Commissioners

Share

Connected car data protection generated significant discussion amongst people at the International Conference of Data Protection and Privacy Commissioners. The 39th annual conference brought together privacy and data protection authorities (DPAs) from around the world in Hong Kong in September.  Consistent with prior tradition, the “closed sessions” produced three separate nonbinding resolutions.

Continue reading

A Top-5 Panel Round-up of the Mobile World Congress Americas

Share

The Mobile World Congress Americas (MWCA) brought more than 30,000 attendees together from around the world to discuss the latest technologies, telecommunications developments, and policies last month.  The conference, which was held in San Francisco, included a massive exhibition floor, numerous panel events, and countless ancillary networking events.  What follows is a top-five round-up of key takeways from MWCA panels, in no particular order.

Continue reading

Irish High Court Refers Future of EU Model Clauses to CJEU

Share

On October 3, 2017, the Irish High Court referred Data Protection Commissioner v. Facebook Ireland Limited & Maximilian Schrems to the Court of Justice of the European Union (CJEU), where the future of standard contractual clauses (SCCs) will be decided (here).

In December 2015—following the CJEU’s landmark decision in Maximillian Schrems v. Data Protection Commissioner invalidating the U.S.-EU Safe Harbor framework—Schrems amended his original complaint to the Irish Data Protection Commissioner (DPC), challenging the validity of data transfers to the U.S. based on the European Commission approved SCCs (available here).  Based on the CJEU’s Schrems decision, the Irish DPC petitioned the Irish High Court asking to refer the matter to the CJEU for ruling on the question of whether the European Commission’s SCC decisions are valid under European law.  Specifically, the Data Protection Commissioner questioned whether there is an effective remedy under U.S. law compatible with the requirements of Article 47 of the EU Charter of Fundamental Rights for an EU citizen whose data is transferred to the U.S., where such data is subject to electronic surveillance by U.S. agencies for national security purposes. EU  citizens  have  a  right  guaranteed  by  Article  47  of  the  Charter  to  an  effective remedy before an independent tribunal if their rights or freedoms are violated. These include the rights under Articles 7 and 8 to respect for private and family life and protection of personal data.

Continue reading

Mark your calendars! FTC Workshop on Information Injury set for December

Share

The Federal Trade Commission’s (FTC) Bureaus of Consumer Protection and Economics will host a workshop to examine consumer injury in the context of privacy and data security on Dec. 12, 2017.   Consumer injury is often difficult to quantify generally and especially challenging when there are allegations of a privacy or data security breach or other types of unauthorized access to personal information.  The FTC’s workshop will explore how to measure accurately such injuries; what frameworks might be used to assess different injuries as well as how consumers and businesses evaluate the benefits and costs associated with providing, collecting and using personal information.

Continue reading

Newer posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy