jfgilbert

Online Media are Responsible for Third-Party Content

Ursula Widmer

The Swiss Federal Supreme Court has ruled that a media provider that allows third parties to set up blogs on its website, is jointly responsible for their contents. The case specifically referred to the Geneva newspaper “Tribune de Genève”, which offers readers the facility to keep personal blogs on its website. One of these blogs be- longed to a Geneva politician who, in his articles, had violated the right of personality of a former director of the Cantonal Bank of Geneva. The person concerned consequently initiated legal action against the author of the blog and also against the newspaper, and demanded the deletion of the relevant article from the blog. The cantonal Court upheld the complaint and ordered the author and the newspaper to remove the blog article and to pay legal costs.

The newspaper appealed against this decision to the Federal Court, but without success. The court was not interested in the newspaper’s point that, in certain other countries, operators of websites that allow third parties to set up blogs cannot be held legally responsible for the content of the blog articles. The court referred to the fact that, under Swiss law, anyone who is involved in a violation of personality, and not just the author, may be subject to legal action. The operation of the website by the newspaper was judged by the court as being a relevant factor in the violation of personality.

The ruling of the cantonal court was therefore correct, in the opinion of the Federal Court. The newspaper was ordered to remove the offending blog article and to pay the costs of the proceedings. The court indicated in particular that, unlike in damages and compensation cases, there is no assumption of fault on the part of the respondent in applications for removal and injunction. It there- fore remained unclear whether the newspaper could successfully have been sued for compensation or damages, since the plaintiff had not brought any such claims against the newspaper.

Read More

Comparative Analysis of the Laws Regulating Government Access to Cloud Data

Francoise Gilbert

A program held in conjunction with the RSA San Francisco 2013 Conference and sponsored by the Cloud Security Alliance and Box – a major provider of cloud services – recently featured some of the contributors to the Global Privacy & Security Law treatise, Jean-Francois Henrotte (Philippe & Partners, Belgium), Frederic Forster (Alain Bensoussan Avocats, Paris), Raffaele Zallone (Studio Zallone, Italy) and Francoise Gilbert (IT Law Group, USA). The program presented a discussion of the US and foreign laws that regulate government access to cloud data. (more…)

Read More

Accountability and Protection of Personal Data

Alain Bensoussan

In data privacy matters, “accountability” means an obligation to report and explain, combined with principles of transparency and traceability, with a view to identify and document the measures implemented to comply with data privacy law requirements. It also implies an obligation for the data controller to assume liability and warrant a result, namely the efficacy of the data protection and the verifiability of the measures taken to this end.

Accountability thus implies for the data controller not only the obligation to comply with the applicable rules, but also the obligation to demonstrate to the authorities and/or the data subjects how such compliance is ensured. Laws and other texts will gradually integrate accountability requirements for personal data protection. (more…)

Read More

New FTC COPPA Rule Will Better Protect 21st Century Children

Francoise Gilbert

The Federal Trade Commission final updated COPPA Rule, published this morning (December 19, 2012),  brings child protection online to the 21st century. While most of the high level requirements, which stem directly from the Child Online Privacy Protection Act (COPPA) remain unchanged, the updated Rule contains references to modern technologies such as geolocation, plug-ins and mobile apps, and modern methods of financing websites, such as behavioral targeting.

(more…)

Read More

USA PATRIOT Act Effect on Cloud Computing Services

Francoise Gilbert

Recent reports and press articles, with attention grabbing headlines, have expressed concern, and at times asserted, that the U.S. government has the unfettered ability to obtain access to data stored outside the United States by U.S. cloud service providers or their foreign subsidiaries. They point to the USA PATRIOT Act (“Patriot Act”) as the magic wand that allows U.S. law enforcement and national security agencies unrestricted access to any data, anywhere, any time. In fact, the actual impact of the Patriot Act in this cloud context is negligible.

(more…)

Read More

CNIL’s Advanced Security and Privacy Risk Management Guides

Alain Bensoussan

The French data protection authority, the CNIL, recently published a translated version of its two new guides “Advanced security and Privacy risk management”.

These guides consist of :

  • A methodology for managing the risks that can affect the individuals ;
  • A catalogue of measures and best practices to treat the risks identified with the methodology.

These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They assist them in creating a rational understanding of the risks arising from the processing of personal data and to choose necessary and sufficient organizational and technical measures to protect privacy.

The two guides are available on the CNIL’s website : http://www.cnil.fr/english/

Read More

Privacy by Design

Alain Bensoussan

The Privacy by Design (PbD) principle means that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage to their deployment, use and ultimate disposal. This in particular means that the protection of data must be at the heart of a company’s internal processes.

Adopting a PbD approach is a very visible trend in international groups and this trend is expected to grow significantly.

Privacy by Design can serve as a new tool to help companies stand out among their competitors and be a further mark of quality and trust for clients. (more…)

Read More

EU Parliament Resolution for Amendment of Rome II Regulation on Law Applicable to Violations of Privacy

Alain Bensoussan

On May 10, 2012, the European Parliament adopted a resolution (available here) with recommendations to the Commission on the amendment of Regulation (EC) No. 864/2007 on the law applicable to non-contractual obligations, known as Rome II. The Parliament first noted that “the Rome II Regulation lacks a provision for the determination of the law applicable to violations of privacy and rights relating to personality”. (more…)

Read More