Tag Archives: consent

Enforcing Canadian Anti-Spam Law

The Canadian Anti-Spam Legislation (CASL) has aroused concern among marketers on both sides of the border since it started coming into force in July 2014 (some provisions, such as a private right of action, do not take effect until next year). It has stricter consent requirements than the US CAN-SPAM Act, as well as rules … Continue Reading

Two FCC TCPA Orders Address Consent through an Intermediary, Provide First TCPA Exemption, and Hint at Future Directions

The FCC recently issued a Declaratory Ruling and an Order that provide some clarity in the TCPA arena and create a new exemption for certain types of text messages and calls. In sum, the FCC clarified that a company may obtain “prior express consent” through an intermediary for the purpose of sending administrative text messages. … Continue Reading

EPIC Alleges Epic FTC Fail In Google Saga; We Review the Complaint

On February 8, 2012, the Electronic Privacy Information Center (EPIC) asked the Federal District Court for the District of Columbia to compel the Federal Trade Commission (FTC) to enforce the terms of the agency's Google Buzz privacy settlement with Google. EPIC seeks to compel the FTC to stop Google's planned consolidation of user data from across the company's services into a single profile for each user under a single privacy policy. EPIC has alleged that the proposed changes and the way Google seeks to implement the changes violate the Google Buzz consent order. The District Court will hear the case before March 1, 2012. In this post, we discuss the highlights of EPIC's complaint, Google's response and lessons learned. … Continue Reading

Russia Amends Federal Data Protection Law; Privacy Enforcement on the Rise

Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter. … Continue Reading

Russia Postpones Enforcement of Data Protection Law; Considers Revisions

On December 23, 2010, Russia's President Dmitry Medvedev signed legislation delaying until July 1, 2011 the enforcement of the country's omnibus data protection law (the Federal Law Regarding Personal Data). Pursuant to the new legislation, the revised effective date for the country's data protection law is January 1, 2011, but operators have until July 1, 2011 to bring their personal data information systems into compliance with the law. … Continue Reading

As California Goes, so Goes the Nation? Part One

Many of you probably read earlier this month that California's Office of Administrative Law approved the California Department of Insurance's proposal to repeal certain privacy regulations. The California changes actually have greater significance than may be apparent on a quick glance. Although rarely noted in the media coverage, State insurance privacy regulations across the country (not just in California) find their roots in the federal Gramm Leach Bliley Act, so California's decision to make such changes provides a helpful illustration of the extraordinarily complex and confusing web of privacy regulation that governs even small organizations in this country. Also, California's move with respect to these changes contravenes the conventional wisdom that California is a renegade pro-consumer state when it comes to privacy regulation. Many of our followers have asked me to break down this newest California development, so here goes. … Continue Reading

FAQ on the “BEST PRACTICES Act” – Part Two

We recently published the first part of our FAQ series on Congressman Bobby Rush's new data privacy bill known as "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (a.k.a. "BEST PRACTICES Act" or "Act"). In Part One we looked at some of the key definitions and requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for de-identified information and application and enforcement. … Continue Reading

FAQ on the “BEST PRACTICES Act” – Part One

Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act"). We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act. … Continue Reading

Do the New EU Processing Clauses Apply to You?

A new set of EU standard contract clauses ("SCCs" or "model contracts") for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU "Article 29" working group on the concepts of "controller" and "processor" under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations. … Continue Reading

Breaking Down the Boucher Bill

In early May, Reps. Rick Boucher (D-Va.) and Cliff Stearns (R-Fla.) introduced a long anticipated "discussion draft" of a bill "[t]o require notice to and consent of an individual prior to the collection and disclosure of certain personal information relating to that individual." You have probably heard that industry and consumer groups alike are not happy with the discussion draft. What exactly is the Boucher Bill and what would it mean for almost every company engaged in the collection, use or disclosure of personal information (not just companies engaged in online behavioral advertising)? Following is a FAQ. Comments on the draft legislation are due June 4 (mark your calendars). … Continue Reading
LexBlog