NHTSA Issues Voluntary Driverless Car Guidelines; European Privacy Supervisor proposes Digital Clearing House for coherent handling of Big Data cases; Facebook and Power Ventures Battle Over the Scope of the CFAA; Arizona Supreme Court: Police Cannot Search Unlocked, Unattended Phone; German consumer group urges Whatsapp to stop sharing data with Facebook; German DPA issues guidelines

ICO investigating into Facebook and WhatsApp Data Sharing Plans; Germany and France publish joint action plan against encryption; PrivacyShield now covering 200 U.S. companies.

UK DPA investigating into Facebook and WhatsApp Data Sharing Plans

The United Kingdom’s Information Commissioner (‘ICO’) is taking a closer look into WhatsApp’s plan to share more user data with parent company Facebook for the purposes of targeted advertising.

According to a recent WhatsApp blog post, WhatsApp has changed its Privacy Policy on August 25. This move will allow the company to share further personal information, in particular the mobile phone numbers of its users, with parent company Facebook. According to information published earlier this week, users should have 30 days to decide whether they want to receive targeted advertising, but they should not be allowed to object the data sharing as such.

Actually, the new approach of WhatsApp is not such a big surprise, as similar concerns had already been raised in the debate around the acquisition of WhatsApp by Facebook. However, the European Commission had explicitly made clear that the assessment of privacy issues does not fall within its competence as a Competition authority, and approved the merger.


Continue Reading Privacy & Cybersecurity Weekly News Update – Week of August 21

The European Commission (EC) and U.S. Department of Commerce (DOC) announced today that they have replaced the invalidated U.S.-EU Safe Harbor framework with an updated transatlantic framework which adds several new layers of transparency and oversight.

Though the text of the agreement will not be available for a few weeks, both parties announced a number

U.S.-EU Safe Harbor renegotiation misses deadline; FDA provides medical device design guidance; FTC settles false advertising claim with health care software vendor over encryption.

U.S.-EU Safe Harbor Renegotiation Misses Deadline

The deadline for the U.S.-EU Safe Harbor renegotiation, set by the EU Data Protection Authorities (DPAs) after the October 2015 invalidation of Safe Harbor was January 31. The EU DPAs have a meeting scheduled for February 2 to discuss the results of the renegotiation. Final terms of the new EU-U.S. data flows framework are reportedly on the table.

On February 1, the European Commission announced to the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the deadline had not been met, but once again stated that the parties are very close to an agreement. EU Commissioner Věra Jourová told the Parliament committee, “I believe the close relationship between the United States and European Union deserves these special efforts. We are close but an additional effort is needed.”

The DPAs have already begun discussing collaborative enforcement actions against companies that continue to rely solely on the invalidated Safe Harbor. The DPAs are expected to clarify their plans at their February 2 meeting, and at that meeting certain DPAs are expected to call for the collective halt to all data flows to the U.S. if a new U.S.-EU framework is not available.


Continue Reading Privacy & Cybersecurity Weekly News Update

Crowell & Moring LLP is pleased to release its “2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year.” The reports examine the trends and developments that will impact corporations in the coming year—from the last year of the Obama administration to how corporate litigation strategy is transforming from the inside out. This year will bring remarkable change for companies, as market disruptions and the speed of innovation transform industries like never before, and the litigation and regulatory environments in which they operate are keeping pace.

Continue Reading Crowell & Moring’s 2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year

The EU’s Article 29 Working Party (Art. 29 WP) has now provided guidance on alternative mechanisms for transferring data from the EU to the U.S. after the popular U.S.-EU Safe Harbor mechanism was invalidated by the European Court of Justice (ECJ). The Art. 29 WP guidance, like the ECJ decision, focuses on “massive and

On October 6, 2015, the European Court of Justice invalidated the U.S.-EU Safe Harbor Framework (Safe Harbor), which previously provided a valid mechanism for data transfers from the European Union to the U.S.  This decision may have extraordinary consequences for the over 4,400 companies that rely on Safe Harbor, which has been in place for

The Federal Trade Commission (FTC) has struck again in the data privacy world, this time at 13 companies that allegedly misrepresented in their privacy statements that they were U.S.-EU or U.S.-Swiss Safe Harbor certified. This latest enforcement sweep demonstrates the FTC’s privacy focus and reinforces the need for companies to make accurate public representations.

The FTC charged the 13 companies with misleading consumers and has proposed placing them under a familiar 20-year consent order. The consent order requires the companies to refrain from  misrepresenting privacy or security program adherence and to keep strict records for the FTC’s overview. For the next 20 years, any companies that disobey the consent order will be subject to a $16,000 civil penalty per violation.


Continue Reading Recent FTC Safe Harbor Enforcement Takeaways