On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017.
In this 38 page report, the WP analyzed the Privacy Shield’s commercial and government aspects (as it did in its earlier opinion, issued in April 2016 when the Privacy Shield was still a draft;… More
The current challenge to Facebook’s privacy practices in Ireland (“Schrems II”) may be coming to a head. You will recall that in Schrems I, the challenge to Facebook’s privacy practices led to a decision issued by the European Court of Justice that invalidated the US-EU Safe Harbor. Following the invalidation of the Safe Harbor, Facebook switched to the Commission’s Standard Contractual Clauses (SCC) and the Schrems complaint was reformulated to challenge the SCC.… More
In Case You Missed It: The EU/US Privacy Shield is set to go into effect this Tuesday, July 13, pending a decision today by the EU’s College of Commissioners. On Friday, July 8, the Privacy Shield agreement (entered into in February) was adopted by EU member states. EU/US data transfer has been in limbo ever since the erstwhile Safe Harbor was invalided by the European Court of Justice last year. … More
On May 25, 2016, partners Catherine Muyl, Colin Zick and Daniel Schimmel participated in a panel discussion on how companies can transfer personal data and remain compliant. The event, co-sponsored by The French-American Chamber of Commerce, Foley Hoag LLP and The Consulate General of France in New York, was part of the FACC’s “Tech, Media & Entertainment”… More
On November 19, Foley Hoag and UK Trade & Investment presented a webinar discussing the latest developments following ECJ’s decision to invalidate the US-EU Safe Harbor system. Watch the recording here:
Click here to download the slides. More
Last week, the FTC announced approval of a new Safe Harbor Program under the Children’s Online Privacy Protection Act (COPPA), called iKeepSafe. The program was created by the Internet Keep Safe Coalition, a nonprofit organization that describes its goal as the “creation of positive resources for parents, educators and policymakers who teach youths how to use new media devices and platforms in safe and healthy ways.”
The COPPA Rule affords some flexibility in compliance through use of a safe harbor provision,… More
Today’s Law360 addresses “HHS Data-Scrubbing Guidance” with quotes from me and others on the subject:
Clarifying the types of data that need to be removed from data sets can also help companies maximize the value of the information that they hold as the value of and ability to use this data for research and public health purposes increases, Foley Hoag LLP security and privacy practice co-chair Colin Zick added.… More
On November 26, HHS OCR released guidance regarding methods for de-identification of protected health information in accordance with the HIPAA Privacy Rule. This guidance fulfills the American Recovery and Reinvestment Act of 2009 (ARRA) mandate that HHS issue such guidance.
Following the passage of ARRA, OCR collected research and views regarding de-identification approaches, best practices for implementation and management of the current de-identification standard and potential changes to address policy concerns.… More
In March 16, 2011 testimony before the Senate Committee on Commerce, Science, and Transportation, the Obama Administration formally asked Congress to pass a "consumer privacy bill of rights" enforced by the FTC:
Legislation to provide a stronger statutory framework to protect consumers’ online
privacy interests should contain three key elements. First, the Administration recommends that legislation set forth baseline consumer data privacy protections—that is, a “consumer privacy bill of rights.”… More