Privacy & Information Security Law Blog

On November 5, 2015, the White House released the proposed text of the Trans-Pacific Partnership Agreement (the “TPP”) containing a chapter on cross-border data transfers in the context of electronic commerce. In the chapter on Electronic Commerce, Chapter 14, the TPP includes commitments from participating parties to adopt and maintain a legal framework to protect personal information, and encourages cross-border data transfers to help facilitate business and trade.

On November 2, 2015, Federal Communications Commission (“FCC”) Chairman, Tom Wheeler, indicated in an interview that the agency would take on the issue of broadband privacy within the next several months, most likely in the form of a notice of proposed rulemaking. Chairman Wheeler said that the FCC’s inquiry would look at the privacy practices of “those who provide the networks” (i.e., Internet service providers (“ISPs”)) and how such businesses are protecting their customers’ information.

On November 9, 2015, U.S. District Judge Richard J. Leon issued a preliminary injunction ordering the National Security Agency to stop its bulk telephony metadata program. The preliminary injunction was issued in favor of subscribers of Verizon Wireless Business Network and comes 20 days before the program was set to expire under the USA Freedom Act. The case is Klayman v. Obama et al. (1:13-cv-00851) in the U.S. District Court for the District of Columbia.

On November 6, 2015, the European Commission published a communication and a Q&A document addressed to the European Parliament and European Council on the transfer of personal data from the EU to the U.S. under EU Data Protection Directive 95/46/EC (the “Directive”), following the decision by the Court of Justice of the European Union invalidating the European Commission’s Safe Harbor Decision.

Hunton & Williams LLP’s Aaron Simpson, partner in the firm’s Global Privacy and Cybersecurity practice, and Adam Solomon, associate, co-authored an article in Pratt’s Privacy & Cybersecurity Law Report entitled Dealmakers Ignore Cyber Risks At Their Own Peril.

On Monday, November 2, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership (“CIPL”) Senior Policy Advisor, Fred H. Cate, moderated an academic panel on The Data Dilemma: A Transatlantic Discussion on Privacy, Security, Innovation, Trade, and the Protection of Personal Data in the 21st Century. The event was sponsored by Indiana University and took place at the CIEE Global Institute in Berlin, Germany.

On November 3, 2015, John Murphy, Senior Vice President for International Policy at the U.S. Chamber of Commerce, testified about the Court of Justice of the European Union’s (“CJEU’s”) EU-U.S. Safe Harbor Decision at a joint hearing of the House Commerce and Communications and Technology Subcommittees.

On October 26, 2015, the Federal Trade Commission (“FTC”) issued a press release on the Global Privacy Enforcement Network (“GPEN”) Alert, a new multilateral information sharing system that would allow participating agencies to share information relating to an investigation in order to facilitate better cross-border coordination. The FTC, along with agencies from seven other nations, signed a Memorandum of Understanding at the 37th International Conference of Data Protection and Privacy Commissioners in Amsterdam. FTC Chairwoman Edith Ramirez stated that the “GPEN Alert is an important, practical cooperation tool that will help GPEN authorities protect consumer privacy across the globe.” Australia, Canada, Ireland, The Netherlands, New Zealand, Norway and the United Kingdom join the U.S. in their efforts to coordinate global consumer privacy protection.

On October 27, 2015, David Smith, the UK Deputy Commissioner of the Information Commissioner’s Office (“ICO”), published a blog post commenting on the ongoing Safe Harbor compliance debate in light of the Schrems v. Facebook decision of the Court of Justice of the European Union. His key message to organizations was, “Don’t panic.”

The National Institute of Standards and Technology (“NIST”) recently released the final draft of its report entitled De-Identification of Personal Information. The report stems from a review conducted by NIST of various de-identification techniques for removal of personal information from computerized documents. While de-identification techniques are widely used, there is concern that existing techniques are insufficient to protect personal privacy because certain remaining information can make it possible to re-identify individuals.