Author: Yodi Hailemariam (page 2 of 3)

European Commission Issues GDPR Guidance

The European Commission (EC) recently issued online guidance on the General Data Protection Regulation (GDPR), a sweeping piece of European Union (EU) data protection legislation that will take effect on May 25, 2018. The guidance is intended to be used as a tool to help businesses as well as the EC, national data protection authorities, EU Member States, and other national administrations prepare for the GDPR. To date, only 2 EU Member States – Germany and Austria – have adopted the relevant national legislation to be in compliance with GDPR.

China Releases New Personal Information Privacy Standards

On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information. The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and are meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.” The standards will go into effect on May 1, 2018.

The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security.  Generally, they lay out the following 8 basic principles of personal information security.

Strava’s Heatmap & IoT Devices

Online fitness tracking app Strava recently published a “heatmap” of data showing the physical movement paths of Strava users around the globe.  The Strava app uses mobile phones’ GPS in conjunction with wearable fitness trackers, such as Fitbit, Garmin, and Xiaomi Mi, to track users’ physical activities, capture performance metrics like speed, pace, and distance, analyze users’ performance, and compare performance metrics with other users.  As useful as this information is to Strava users, it became widely known in late January 2018 that Strava’s heatmap, easily available to the public, shows the movement of soldiers and military personnel in different global locations.  This information can be used to identify, with explicit detail, the location and layout of foreign physical military installations in countries such as Syria and Afghanistan.

Strava’s heatmap, which was updated in November 2017, is a visualization of the company’s global network of athletes.  According to Strava, the heatmap is the “largest, richest, and most beautiful dataset of its kind,” and consists of the following data points:

  • 1 billion activities
  • 3 trillion latitude/longitude points
  • 13 trillion pixels rasterized
  • 10 terabytes of raw input data
  • A total distance of 27 billion km (17 billion miles)
  • A total recorded activity duration of 200 thousand years
  • 5% of all land on Earth covered by tiles

Strava notes that the platform has numerous privacy rules in place, including an enhanced privacy mode, the exclusion of some or all private activities, the cropping of activities to respect user defined privacy zones, and the option to opt-out of contributing data to the heatmap.

Strava’s heatmap highlights a variety of issues associated with the deployment of Internet of Things (IoT) devices. The IoT, a broad category of technology that is generally understood to include physical devices that can collect and share data and connect to the Internet, is quickly changing every aspect of our lives, from the way we work and how we purchase goods and services to how we exercise and how well we sleep. How these devices connect with other devices, as well as consumer expectations, continues to evolve in this largely unregulated space.

The FTC’s 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change,” provides further insight.

United States Is First Country to Join APEC Privacy Recognition for Processors Program

The United States recently became the first country to participate in the new Asia-Pacific Economic Cooperation (“APEC”) Privacy Recognition for Processors (“PRP”) program.  Finalized in 2016 and designed to certify privacy compliance for personal information processors within the Asia-Pacific region, the PRP program offers a trustmark certification to processors that demonstrate their capacity to assist data controllers in complying with relevant privacy obligations.  According to APEC, the PRP program was created so that (1) data controllers are able to identify qualified data processors to implement data controllers’ data processing obligations, (2) data processors are able to demonstrate their ability to provide effective implementation of a controller’s privacy requirements, and (3) small and medium-sized institutions are able to gain exposure and visibility into a global data processing network.

Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill

Singapore’s Ministry of Health (MOH) recently drafted a new Healthcare Services (HCS) Bill aimed to bridge the gap between the country’s changing healthcare needs and technological advances.  According to the MOH, the healthcare landscape in Singapore is undergoing significant changes, including an ageing population, increased chronic disease prevalence, and advancements in medicine and health technologies.  The HCS Bill will “better safeguard the safety and well-being of patients, while enabling new and innovative services that benefit patients to be developed, in the changing healthcare environment.”

Currently, healthcare providers in Singapore are licensed and regulated under the Private Hospitals and Medical Clinics Act (PHMCA), which was designed to protect patient safety through the licensing of physical healthcare premises. But brick-and-mortar locations are quickly becoming a thing of the past as more and more healthcare services are delivered through mobile and online channels. MOH intends to respond to this shift by repealing the PHMCA and replacing it with this new HCS Bill.

VTech Settlement Resolves COPPA Allegations in FTC’s First Connected Toy Case

The Federal Trade Commission announced a settlement with VTech Electronics Limited and its U.S. subsidiary in the FTC’s first case involving Internet-connected toys.

VTech had been charged with violating the FTC Act and the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children without providing direct notice and obtaining their parent’s consent, as well as failing to properly secure the data it collected.  The settlement includes a payment of $650,000 in civil penalties, injunctive relief, and the establishment of a comprehensive security program.

Background

VTech, a Hong Kong corporation, and VTech Electronics North America, advertise, market and distribute electronic learning products (ELPs).  The companies offer online games available through the ELPs and operate the Learning Lodge Navigator online service, a platform similar to an app store that allows customers to download child-directed apps, games, e-books and other online content.  As of November 2015, approximately 2.25 million parents had created accounts with Learning Lodge for nearly 3 million children, according to the FTC.

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
