Blog

Proposed Changes to the EU Data Directives: What Consequences for Businesses?

Francoise Gilbert

The European Commission has determined that the privacy and data protection framework applicable throughout the European Union must be revised in order to adapt the current rules to the rapid technological changes that have dramatically modified the way individuals live and companies operate. Communication COM (2010) 609, published on November 4, 2010, summarizes the goals that the European Commission has set for the overhaul of the EU data protection regime.[1]

The Commission intends to expand the duties and obligations of the data controllers, improve the awareness and understanding of privacy matters by individuals, increase the protection of individuals’ rights especially in the context of Web 3.0 applications, and ease the flow of information in the internal market as well as in the context of cross-border data transfers out of the European Union.

When Will Your CEO’s Social Media Postings End-Up in a Court Room?

Francoise Gilbert

Social networks such as Facebook and MySpace allow members to create an online profile that may be accessed by other members. Some social networks have privacy controls that allow members to choose who can view their profiles or contact them. Others do not require pre-approval to gain access to a member’s profile.

These materials are an easy target for trial or litigation attorneys who may wish to use them to impeach the opposing party or its witnesses.

Department of Energy’s Report on Data Access and Privacy Issues Related to Smart Grid Technologies

Francoise Gilbert

On October 5, 2010, the US Department of Energy (DoE) issued two important reports that outline recommendations for the use of Smart Grid technologies. One of the reports focuses on the protection of personal data that will be collected through Smart Grid meters, the other addresses communications requirements. Both reports were issued after consultation with the utilities, consumer advocates, and telecommunications companies.

The 65-page DoE report on Data Access and Privacy Issues Related to Smart Grid Technologies recommends that detailed energy consumption information that is collected through the use of Smart Grid technologies be accorded privacy protections that are similar to the protections that are granted to other categories of personal data.

No Attorney Client Privilege for In-House Lawyers Under EU Law

Francoise Gilbert

On September 14, 2010, the European Court of Justice (ECJ) confirmed that there is no attorney-client privilege under EU law for communications with in-house counsel when a company is under investigation by the European Commission.

In its ruling in the case of Akzo Nobel Chemicals Ltd and Akcros Chemicals Ltd v European Commission, the European Court of Justice affirmed a prior decision of the European General Court that had rejected a claim for legal professional privilege over the company’s communications with its in-house lawyer. The court reasoned that in-house lawyers are economically dependent on their employers, and thus cannot be regarded as independent.

Google Engineer Fired for Accessing User Accounts

Francoise Gilbert

Google fired a software engineer because he allegedly took advantage of his position as a member of an elite technical group at the company to access user accounts in violation of company policy. Accounts accessed included those of four minors whom he had encountered through a technology group, according to reports by CNN and Gawker.

While there is no allegation of sexual predatory behavior, the engineer appears to have spied on minors’ accounts and accessed their contact lists and chat transcripts.

Given Google’s size, it is almost predictable that an incident such as this would happen. When a company has thousands of employees, it is just a matter of statistics and probability. If X% of the country’s population is immature, emotionally unstable or has other personal problems, it is likely that these same characteristics will appear in the workforce of companies, despite the employers’ attempts to identify the problem employee and prevent the occurrence of any mishap.

Lessons from FTC v. Twitter

Francoise Gilbert

Security is not just for credit card and social security numbers

The proliferation of security breach disclosure laws has brought companies’ attention to the need to protect financial information, social security, and driver’s license numbers. Since most of these laws target only these categories of data, and most state laws that require the use of security measures also have focused on these categories of data, many companies have limited their information security efforts to the protection of a small amount of data: credit cards, social security and driver’s license numbers. As a result, other categories of data that have not been in the limelight or the subject of investigative reporting have been neglected.

Mexico’s New Federal Law on the Protection of Personal Data

Francoise Gilbert

Mexico’s new Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Federal Law on the Protection of Personal Data Possessed by Private Persons) became effective on July 6, 2010. The Law is “of public order,” which means that contract provisions that conflict with it are unenforceable.

The Federal Institute for Access to Information and Data Protection (IFAI) is charged with issuing regulations and enforcing the Law. The regulations are expected to be issued within one year, and the Law will not be enforced until January 2012.

Of Cookies and Spam

Francoise Gilbert

What’s Cookin’ in the European Union?

The European Union Member States will soon change the rules that apply to cookies and unsolicited messages. Recent amendments to the ePrivacy Directive require the Member States to implement new restrictions in their national laws by June 2011. These changes are likely to significantly affect the procedures and processes used for marketing in, or with, the European Union. The most important change creates new rules for the use of cookies.

Location Information in Consumer Contracts

Francoise Gilbert

The use of location-based services by consumers, such as for the provision of directions, traffic information, or mapping to locate nearby stores, should be subject to terms and conditions that address the quality of the service, and the reliability of the data. In addition, the contract should address the privacy concerns of the customer. The collection, use and sharing of location information might raise more concerns than that of other data such as their name, phone number or the duration of a call. Thus, special attention should be given to the protection of the location data.

Remaining in Safe Waters

Francoise Gilbert

How to Ensure Continued Compliance with The Safe Harbor Requirements

The Safe Harbor created by the US Department of Commerce and the European Commission provides a convenient way for US companies with limited global transactions to address the “adequacy” requirement under the national laws of the European Union Member States. Being self-certified under the US Department of Commerce Safe Harbor allows them to reduce the amount of red tape that usually accompanies the transfer of personal data to the United States from a European Union Member State, an EEA Member State or Switzerland.

However, the initial self-certification filing is only one of many obligations. In order for the self-certification to remain valid, the company must re-certify its compliance with the Safe Harbor Principles each year and pay the related fee to the Department of Commerce. When a company wishes to renew its self-certification, it must go through the same due diligence as for the initial filing, and… much more.
