Cross-posted from Security, Privacy & the Law
January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.
Far from being an academic concept, “data ethics” presents a model for data management with real practical implications for organizations. (I should note that I am focused here on personal data.) To understand what the concept might entail,… More
This post, written by Christopher Hart, was originally posted on Foley Hoag’s Security, Privacy and the Law blog.
* * * * *
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications.… More
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: the formal withdrawal of the United States from the EITI; the passage of the Canadian Magnitsky Act; and the launch of the Investor Alliance for Human Rights.
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: the European Parliament’s adoption of a new conflict minerals regulation; the French Constitutional Council’s review of the proposed duty of vigilance legislation; the dismissal of the Doe v. Nestle litigation; and the release of a new Corporate Accountability Index by Ranking Digital Rights.… More
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: a federal court decision holding that U.S.-based companies may be obligated to turn over customer data stored outside the United States; an amicus brief opposing President Trump’s Executive Order establishing an entry ban on individual from seven Muslim-majority countries; and new guidance from the OECD with regard to due diligence in apparel and footwear supply chains.… More
This post, written by Jeremy Meisinger, was originally published on the firm’s Security, Privacy, and the Law blog.
For internet-of-things watchers, some information to chew on: several news outlets have reported on a dispute between Amazon and law enforcement investigators in Bentonville, Arkansas. Arkansas police are investigating an apparent homicide that took place in November 2015,… More
In a case closely watched by privacy advocates, on July 14, the Second Circuit Court of Appeals held that the Stored Communications Act (“SCA”) does not authorize U.S. law enforcement authorities to order U.S.-based companies to turn over customer e-mail content that is stored exclusively outside the United States.
In the case, Microsoft v. United States of America, Microsoft challenged a warrant requiring it to turn over customer data,… More
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: a new guide for business lawyers from the International Bar Association that seeks to promote implementation of the U.N. Guiding Principles on Business and Human Rights; the public release of Know the Chain’s first report benchmarking technology companies on efforts to address forced labor in their supply chains;… More
I’ll be speaking this morning at RightsCon regarding a new guide for early-stage technology companies seeking to operate with respect for users’ rights to freedom of expression and privacy.
I have worked to develop the guide with Vivek Krishnamurthy and Dalia Ritvo, friends and colleagues at the Cyberlaw Clinic, which is based at Harvard University’s Berkman Center for Internet &… More
This post was originally published on the firm’s Security, Privacy, and the Law blog.
Last month we presented a webinar detailing what you need to know about the EU-U.S. Privacy Shield and what your company should do now. Watch the recording here:
To download a copy of the presentation,… More
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: an overview of amicus briefs in the Apple case; the arrest of a Facebook executive in Brazil; and a statement from the U.S. Government on its human rights “commitments and pledges,” including its forthcoming adoption of a National Action Plan on Responsible Business Conduct.… More
This post, written by Jeremy Meisinger, was originally published on the firm’s Security, Privacy, and the Law blog.
The Children’s Online Privacy Protection Rule (“COPPA Rule”) requires website and online service operators to give notice to parents and obtain verifiable parental consent before collecting children’s “personal information” online. 16 CFR §§ 312.4, 312.5. The definition of “personal information” encompasses some obvious pieces of data – name and address,… More
It’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes: Apple’s refusal to comply with a federal court order; a new report highlighting the most pressing business and human rights challenges facing companies today; and an evaluation of corporate compliance with the California Transparency in Supply Chains Act.
It’s Friday and time for our latest overview of developments in the field of business and human rights that we’ve been monitoring.
This week’s post includes notice of several new lawsuits regarding human rights concerns in corporate supply chains as well as coverage of the European Court of Justice’s recent decision to strike down the 15-year old “Safe Harbor” agreement allowing companies to self-certify that their data transfers between the United States and Europe are in compliance with E.U.… More
This post, written by Colin Zick, Catherine Muyl, and Alice Berendes, was originally published as a client alert on the firm’s Security, Privacy, and the Law blog.
The European Court of Justice has issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system.… More
This post, written by Martha Coakley and John Hurst, originally ran as an op-ed in the September 25, 2015 edition of The Boston Globe.
Hardly a week goes by without a news report of a new cyberattack. As any consumer affected by fraud knows, the harm is real. The impact on businesses, government,… More
There continue to be regular developments in the business and human rights field that warrant attention from both companies and their stakeholders. New legislation and regulation, shifting policy positions, and developments in ongoing litigation…there is always a lot to discuss.
To conclude this week, we have put together a rundown of five recent developments that we’ve been watching closely:
This post, written by Catherine Muyl and Alice Berendes, was originally published on the firm’s Security, Privacy, and the Law blog.
On 13 May 2014 the Court of Justice of the European Union (CJEU) issued a judgment which Google called a “landmark ruling” (Google v. Costeja Gonzalez case,… More
Today’s decision by the European Court of Justice (ECJ) that individuals enjoy the right to have truthful yet unflattering information about them “forgotten” from online search results is generating a great deal of controversy in Europe and beyond. In a case brought by Spanish national Mario Costeja Gonzalez against Google demanding that the search giant remove results referring to a years-old newspaper notice of a tax auction of his property,… More
Today, February 11, is a digital day of protest against surveillance by the National Security Agency. Billed ‘The Day We Fight Back“, participants in the protest range from activist groups to the Reform Government Surveillance Coalition, an business entity which includes Google, Microsoft, LinkedIn, Twitter, Facebook, Yahoo!, and AOL. Protesters’ demands include Congressional support for the Freedom Act,… More
This week the news has been full of reports from Las Vegas regarding the latest technological trends on display at the International Consumer Electronics Show. Discussions about wearable technologies and smart appliances — and the emerging “Internet of Things” — often lead privacy advocates to question the potential downsides of companies collecting massive amounts of data regarding everything from where we walk to what we eat.… More
Recent revelations regarding surveillance activities by the U.S. Government have raised many questions regarding the balance between privacy and security. There have already been, and there will continue to be, Congressional hearings and other public policy forums regarding the appropriate scope of government surveillance efforts and the role of private companies in responding to law enforcement requests.
Beyond questions regarding the scope of government under existing legislation,… More
The Telecommunications Industry Dialogue, a group of eight telecommunications companies, recently published a set of Guiding Principles on freedom of expression and privacy. Originally formed in 2011, the Industry Dialogue also announced a two-year partnership with the Global Network Initiative.
Current participants in the Industry Dialogue include: Alcatel-Lucent, France Telecom-Orange, Millicom,… More
According to an article in the Wall Street Journal last week (subscription required), smartphone makers are receiving an increasing number of requests from U.S. law enforcement agencies for assistance in bypassing password protections on encrypted mobile devices seized from criminal suspects. Although it is heartening to hear the article’s report that companies such as Google are challenging warrants requiring them to divulge “any and all means of gaining access,… More
Does your board exercise proper oversight over cybersecurity risks? Directors and officers have fiduciary duties to protect the assets of their companies. This obligation covers digital assets, including corporate information, applications, and networks. The scope of the obligation is defined, in part, by laws and regulations that impose specific privacy and security obligations on companies.
The threats to digital assets are real, and companies are increasingly grappling with how best to manage network infiltrations,… More
“There is no such thing as bad publicity” goes the old adage, but sometimes casting the glare of publicity on non-issues can obscure real and pressing issues from public view. So it is with Senator Charles Schumer’s (D-NY) comments yesterday over the threat to privacy posed by online mapping technologies such as Google Maps, Microsoft’s Bing Maps, and Apple’s forthcoming iOS Maps. “Sunbathing in your backyard shouldn’t be a public event”… More
.jpg)
How should software companies set the default privacy settings on their products? Microsoft’s announcement last week that the next version of its Internet Explorer web browser will ship with its “Do Not Track” functionality switched on has sparked a lively debate on this very issue.
“Do Not Track” is a technological standard being implemented in all major web browsers that allows users to tell web sites,… More
No matter how big or small your company currently might be, your company needs a geolocation policy that takes human rights into account if you are either: (1) gathering or storing data that personally identifies your customers; or (2) providing a platform for creating or storing user generated content.
Technology companies typically first think about geolocation when they have grown to the point where they need to locate data somewhere other than their home base for redundancy reasons or to reduce network latency.… More
Technology companies typically begin to think about corporate social responsibility in the context of "giving back to the community" once they have become large, established market players with a track record of profitability. This is far from an ideal approach to CSR, however, because having a proper CSR framework in place right from day one can young companies avoid problems that can stymie their growth or tarnish their reputation permanently.… More
Access, an advocacy organization that promotes open and secure access to the Internet, recently released its Telco Action Plan, a document that sets forth ten steps and implementation objectives for telecommunications companies (“telcos”) seeking to operate with respect for human rights.
Access launched the plan at last month’s Stockholm Internet Forum and intends to use the document as a platform for dialogue with telcos that seek to operate in political and legal contents that may post threats to freedom of expression,… More
.jpg)
What policies, processes, and procedures do companies need to have in place in order to protect the fundamental human rights of freedom of expression and privacy?
This question was central to the first independent assessments of corporate implementation of the Global Network Initiative ("GNI") Principles, conducted this past year and announced on April 18 with the release of GNI’s second annual report. … More
This post, written by Colin J. Zick, was originally posted on Foley Hoag’s Security, Privacy and the Law blog.
* * * * *
FTC has released the final version of its original 2010 Report — "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers."… More
The Obama Administration’s release last month of a framework for protecting online privacy ranks among the most significant efforts to address privacy concerns in the short history of the information age.
The framework’s centerpiece is a “Consumer Privacy Bill of Rights” (.pdf). As discussed on Foley Hoag’s Security, Privacy, and the Law blog, the Bill of Rights articulates seven broad,… More
.jpg)
A fascinating article in last weekend’s New York Times Magazine discusses the powerful statistical techniques that some companies are using to analyze sales and other data in order to gain insights into their customers’ behaviors and needs. The article raises a number of difficult consent and privacy issues.
The feature-length piece by Charles Duhigg uses the “predictive analytics” program developed by Target, America’s third-biggest retailer, as a case study to illustrate how companies are combining data from customer interactions with other information obtained from commercial databases to draw strikingly detailed portraits of individual customers.… More
A developer for Google’s Android mobile phone operating system has exposed what has the potential to be the most significant user privacy security vulnerability ever discovered in any computing device.
In a video posted to YouTube, Connecticut-based developer Trevor Eckhard has demonstrated how a program called Carrier IQ logs an astonishing amount of information about every aspect of mobile device use —… More
Earlier today, Federal Trade Commission (“FTC”) and Facebook announced a settlement of the government’s charges that the company had deceived users regarding their ability to keep their information private. We have reposted below a blog post outlining the major elements of the settlement agreement. The post was authored by our colleague Colin Zick, co-founder of Foley Hoag’s Security & Privacy practice group,… More
The Global Network Initiative ("GNI") released its first annual report (.pdf) last month. This is a milestone worth celebrating by all who continue to believe in the power of the information and communications technology ("ICT") sector to promote freedom and development (and development as freedom) worldwide.
Although the changes wrought in the last decade by the proliferation of ICT companies to the furthest reaches of the globe are almost unimaginable,… More
Foley Hoag’s Emerging Enterprise Center blog has recently published several posts on a preliminary staff report, recently released by the Federal Trade Commission (“FTC”), which sets out a proposed framework for protecting privacy in the digital economy. Specifically, the report endorses the implementation of a “Do Not Track” mechanism to allow consumers to choose whether to allow the collection of data regarding their online activities.… More