Tag Archives: safe harbor

Privacy Shield: Article 29 Working Party Calls Upon the European Commission and US Authorities to Restart Discussions

‎On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017.

In this 38 page report, the WP analyzed the Privacy Shield’s commercial and government aspects (as it did in its earlier opinion, issued in April 2016 when the Privacy Shield was still a draft;… More

EU Updates on Schrems II and the Privacy Shield

The current challenge to Facebook’s privacy practices in Ireland (“Schrems II”) may be coming to a head.  You will recall that in Schrems I, the challenge to Facebook’s privacy practices led to a decision issued by the European Court of Justice that invalidated the US-EU Safe Harbor.  Following the invalidation of the Safe Harbor, Facebook switched to the Commission’s Standard Contractual Clauses (SCC) and the Schrems complaint was reformulated to challenge the SCC.… More

WATCH: Webinar on US-EU Safe Harbor

On November 19, Foley Hoag and UK Trade & Investment presented a webinar discussing the latest developments following ECJ’s decision to invalidate the US-EU Safe Harbor system. Watch the recording here:

 

Click here to download the slides. More

New COPPA Safe Harbor Added By iKeepSafe

Last week, the FTC announced approval of a new Safe Harbor Program under the Children’s Online Privacy Protection Act (COPPA), called iKeepSafe. The program was created by the Internet Keep Safe Coalition, a nonprofit organization that describes its goal as the “creation of positive resources for parents, educators and policymakers who teach youths how to use new media devices and platforms in safe and healthy ways.”

The COPPA Rule affords some flexibility in compliance through use of a safe harbor provision,… More

Law360: “HHS Data-Scrubbing Guidance Backs Strict Privacy Definitions”

Today’s Law360 addresses “HHS Data-Scrubbing Guidance” with quotes from me and others on the subject:

Clarifying the types of data that need to be removed from data sets can also help companies maximize the value of the information that they hold as the value of and ability to use this data for research and public health purposes increases, Foley Hoag LLP security and privacy practice co-chair Colin Zick added.… More

HHS OCR Issues Guidance Regarding Methods for De-identification of PHI in Accordance with HIPAA

On November 26, HHS OCR released guidance regarding methods for de-identification of protected health information in accordance with the HIPAA Privacy Rule. This guidance fulfills the American Recovery and Reinvestment Act of 2009 (ARRA) mandate that HHS issue such guidance.

Following the passage of ARRA, OCR collected research and views regarding de-identification approaches, best practices for implementation and management of the current de-identification standard and potential changes to address policy concerns.… More

Obama Administration Seeks “Consumer Privacy Bill of Rights”

In March 16, 2011 testimony before the Senate Committee on Commerce, Science, and Transportation, the Obama Administration formally asked Congress to pass a "consumer privacy bill of rights" enforced by the FTC:

Legislation to provide a stronger statutory framework to protect consumers’ online
privacy interests should contain three key elements. First, the Administration recommends that legislation set forth baseline consumer data privacy protections—that is, a “consumer privacy bill of rights.”… More