Category Archives: Privacy

Data Privacy Day Reflections – Compliance, Governance, Ethics (and AI)

Cross-posted from Security, Privacy & the Law

January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.

Far from being an academic concept, “data ethics” presents a model for data management with real practical implications for organizations.  (I should note that I am focused here on personal data.)  To understand what the concept might entail,… More

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmallIt’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: the formal withdrawal of the United States from the EITI; the passage of the Canadian Magnitsky Act; and the launch of the Investor Alliance for Human Rights.

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

It’s Friday iStock_000011057325XSmalland time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: the European Parliament’s adoption of a new conflict minerals regulation; the French Constitutional Council’s review of the proposed duty of vigilance legislation; the dismissal of the Doe v. Nestle litigation; and the release of a new Corporate Accountability Index by Ranking Digital Rights.… More

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

It’s Friday iStock_000011057325XSmalland time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: a federal court decision holding that U.S.-based companies may be obligated to turn over customer data stored outside the United States; an amicus brief opposing President Trump’s Executive Order establishing an entry ban on individual from seven Muslim-majority countries; and new guidance from the OECD with regard to due diligence in apparel and footwear supply chains.… More

Second Circuit Holds that the U.S. Government Can’t Order Microsoft to Disclose Customer Emails Stored in Ireland

Cloud computing security conceptIn a case closely watched by privacy advocates, on July 14, the Second Circuit Court of Appeals held that the Stored Communications Act (“SCA”) does not authorize U.S. law enforcement authorities to order U.S.-based companies to turn over customer e-mail content that is stored exclusively outside the United States.

In the case, Microsoft v. United States of America, Microsoft challenged a warrant requiring it to turn over customer data,… More

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmallIt’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: a new guide for business lawyers from the International Bar Association that seeks to promote implementation of the U.N. Guiding Principles on Business and Human Rights; the public release of Know the Chain’s first report benchmarking technology companies on efforts to address forced labor in their supply chains;… More

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmallIt’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: an overview of amicus briefs in the Apple case; the arrest of a Facebook executive in Brazil; and a statement from the U.S. Government on its human rights “commitments and pledges,” including its forthcoming adoption of a National Action Plan on Responsible Business Conduct.… More

FTC Announces Children’s Online Privacy Protection Settlements Based on Collection of Persistent Identifiers

This post, written by Jeremy Meisinger, was originally published on the firm’s Security, Privacy, and the Law blog.

The Children’s Online Privacy Protection Rule (“COPPA Rule”) requires website and online service operators to give notice to parents and obtain verifiable parental consent before collecting children’s “personal information” online. 16 CFR §§ 312.4, 312.5. The definition of “personal information” encompasses some obvious pieces of data – name and address,… More

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmallIt’s Friday and time for another overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes: Apple’s refusal to comply with a federal court order; a new report highlighting the most pressing business and human rights challenges facing companies today; and an evaluation of corporate compliance with the California Transparency in Supply Chains Act.

Five on Friday – Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmallIt’s Friday and time for our latest overview of developments in the field of business and human rights that we’ve been monitoring.

This week’s post includes notice of several new lawsuits regarding human rights concerns in corporate supply chains as well as coverage of the European Court of Justice’s recent decision to strike down the 15-year old “Safe Harbor” agreement allowing companies to self-certify that their data transfers between the United States and Europe are in compliance with E.U.… More

Five on Friday: Five Recent Developments that We’ve Been Watching Closely

iStock_000011057325XSmall

There continue to be regular developments in the business and human rights field that warrant attention from both companies and their stakeholders. New legislation and regulation, shifting policy positions, and developments in ongoing litigation…there is always a lot to discuss.

To conclude this week, we have put together a rundown of five recent developments that we’ve been watching closely:

  • On September 2,…
  • More

European Court Establishes “Right to be Forgotten” Online

Flag_of_Europe.svgToday’s decision by the European Court of Justice (ECJ) that individuals enjoy the right to have truthful yet unflattering information about them “forgotten” from online search results is generating a great deal of controversy in Europe and beyond. In a case brought by Spanish national Mario Costeja Gonzalez against Google demanding that the search giant remove results referring to a years-old newspaper notice of a tax auction of his property,… More

Building Capacity to Exercise Good Judgment in a World of Big Data

ConferenceThis week the news has been full of reports from Las Vegas regarding the latest technological trends on display at the International Consumer Electronics Show. Discussions about wearable technologies and smart appliances — and the emerging “Internet of Things” — often lead privacy advocates to question the potential downsides of companies collecting massive amounts of data regarding everything from where we walk to what we eat.… More

Corporate Transparency Reports: Understanding Limitations and Leveraging Opportunities

Lock backgroundRecent revelations regarding surveillance activities by the U.S. Government have raised many questions regarding the balance between privacy and security. There have already been, and there will continue to be, Congressional hearings and other public policy forums regarding the appropriate scope of  government surveillance efforts and the role of private companies in responding to law enforcement requests.

Beyond questions regarding the scope of government under existing legislation,… More

Telecommunications Companies Release Guiding Principles on Freedom of Expression and Privacy

The Telecommunications Industry Dialogue, a group of eight telecommunications companies, recently published a set of Guiding Principles on freedom of expression and privacy. Originally formed in 2011, the Industry Dialogue also announced a two-year partnership with the Global Network Initiative.

Current participants in the Industry Dialogue include: Alcatel-Lucent, France Telecom-Orange, Millicom,… More

Mobile Phone Security: Flawed Out of the Box?

phone with key on white background. Isolated 3D imageAccording to an article in the Wall Street Journal last week (subscription required), smartphone makers are receiving an increasing number of requests from U.S. law enforcement agencies for assistance in bypassing password protections on encrypted mobile devices seized from criminal suspects. Although it is heartening to hear the article’s report that companies such as Google are challenging warrants requiring them to divulge “any and all means of gaining access,… More

Board Oversight and Cybersecurity – What are the Risks to Your Company?

Does your board exercise proper oversight over cybersecurity risks? Directors and officers have fiduciary duties to protect the assets of their companies. This obligation covers digital assets, including corporate information, applications, and networks. The scope of the obligation is defined, in part, by laws and regulations that impose specific privacy and security obligations on companies.

The threats to digital assets are real, and companies are increasingly grappling with how best to manage network infiltrations,… More

Publicizing Privacy Threats, Real and Imagined

“There is no such thing as bad publicity” goes the old adage, but sometimes casting the glare of publicity on non-issues can obscure real and pressing issues from public view. So it is with Senator Charles Schumer’s (D-NY) comments yesterday over the threat to privacy posed by online mapping technologies such as Google Maps, Microsoft’s Bing Maps, and Apple’s forthcoming iOS Maps. “Sunbathing in your backyard shouldn’t be a public event”… More

Why Every Company Needs a Geolocation Policy

No matter how big or small your company currently might be, your company needs a geolocation policy that takes human rights into account if you are either: (1) gathering or storing data that personally identifies your customers; or (2) providing a platform for creating or storing user generated content.

Technology companies typically first think about geolocation when they have grown to the point where they need to locate data somewhere other than their home base for redundancy reasons or to reduce network latency.… More

CSR for Start-ups = CSR from the Start!

Technology companies typically begin to think about corporate social responsibility in the context of "giving back to the community" once they have become large, established market players with a track record of profitability. This is far from an ideal approach to CSR, however, because having a proper CSR framework in place right from day one can young companies avoid problems that can stymie their growth or tarnish their reputation permanently.… More

Advocates Seek Human Rights Commitments from Telecommunications Companies

Access, an advocacy organization that promotes open and secure access to the Internet, recently released its Telco Action Plan, a document that sets forth ten steps and implementation objectives for telecommunications companies (“telcos”) seeking to operate with respect for human rights.  

Access launched the plan at last month’s Stockholm Internet Forum and intends to use the document as a platform for dialogue with telcos that seek to operate in political and legal contents that may post threats to freedom of expression,… More

Assessing Corporate Policies and Procedures to Protect Freedom of Expression and Privacy Rights

What policies, processes, and procedures do companies need to have in place in order to protect the fundamental human rights of freedom of expression and privacy?

This question was central to the first independent assessments of corporate implementation of the Global Network Initiative ("GNI") Principles, conducted this past year and announced on April 18 with the release of GNI’s second annual report. … More

FTC Releases Final Report: “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”

This post, written by Colin J. Zick, was originally posted on Foley Hoag’s Security, Privacy and the Law blog.

                                                       *     *     *     *     *

FTC has released the final version of its original 2010 Report "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers."… More

Predictive Analytics, Informed Consent, and Privacy: The Case of Target

A fascinating article in last weekend’s New York Times Magazine discusses the powerful statistical techniques that some companies are using to analyze sales and other data in order to gain insights into their customers’ behaviors and needs. The article raises a number of difficult consent and privacy issues.

The feature-length piece by Charles Duhigg uses the “predictive analytics” program developed by Target, America’s third-biggest retailer, as a case study to illustrate how companies are combining data from customer interactions with other information obtained from commercial databases to draw strikingly detailed portraits of individual customers.… More

Facebook Settles FTC Charges and Agrees to Independent Audits of Its Privacy Program

Earlier today, Federal Trade Commission (“FTC”) and Facebook announced a settlement of the government’s charges that the company had deceived users regarding their ability to keep their information private. We have reposted below a blog post outlining the major elements of the settlement agreement. The post was authored by our colleague Colin Zick, co-founder of Foley Hoag’s Security & Privacy practice group,… More

The Global Network Initiative: Confronting Human Rights Challenges in the Information & Communications Technology Sector

The Global Network Initiative ("GNI") released its first annual report (.pdf) last month. This is a milestone worth celebrating by all who continue to believe in the power of the information and communications technology ("ICT") sector to promote freedom and development (and development as freedom) worldwide.

Although the changes wrought in the last decade by the proliferation of ICT companies to the furthest reaches of the globe are almost unimaginable,… More

When Creepy is the New Cool: The Internet, Consumer Privacy, and Human Rights

Foley Hoag’s Emerging Enterprise Center blog has recently published several posts on a preliminary staff report, recently released by the Federal Trade Commission (“FTC”), which sets out a proposed framework for protecting privacy in the digital economy.  Specifically, the report endorses the implementation of a “Do Not Track” mechanism to allow consumers to choose whether to allow the collection of data regarding their online activities.… More