Privacy & Information Security Law Blog

On October 6 and 7, 2015, the Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”), a global privacy policy think-tank based in Washington D.C. and London, and the Instituto Brasiliense de Direito Publico, a legal institute based in Brazil, will co-host a two-day Global Data Privacy Dialogue in Brazil, at the IDP’s conference facilities.

On October 1, 2015, the Court of Justice of the European Union (the “CJEU”) issued its judgment in Weltimmo v Nemzeti (Case C-230/14). Weltimmo, a company registered and headquartered in Slovakia, runs a website that allows property owners in Hungary to advertise their properties. The CJEU stated that, in some cases, Weltimmo had failed to delete the personal data of the advertisers upon request, and also had sent debt collectors to some advertisers despite their earlier attempts to cancel their accounts. The advertisers complained to the Hungarian Data Protection Authority (“DPA”), which investigated the matter and issued a fine of HUF 10 million (approximately 36,500 USD) against Weltimmo.

On September 29, 2015, the Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”), a global privacy policy think-tank based in Washington D.C. and London, hosted a webinar on The Ins and Outs of the APEC Cross-Border Privacy Rules (“CBPR”) and their Role in Enabling Legal Compliance and International Data Transfers.

On September 11, 2015, the Federal Communications Commission (“FCC”) announced that Lyft Inc. (“Lyft”) and First National Bank Corporation (“FNB”) violated the Telephone Consumer Protection Act (“TCPA”) by forcing their users to consent to receive automated text messages as a condition of using their services. The FCC warned that these violations could result in fines if they continue.

When novelist William Gibson said, “[t]he future is already here, it’s just not very evenly distributed,” he may have had innovation like blockchain technology in mind. In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

On September 29, 2015, the Court of Justice of the European Union (“CJEU”) announced that it will deliver its judgment in the Schrems vs. Facebook case on October 6, 2015. The CJEU’s judgment will be the final ruling in the case, and comes after the Advocate General’s Opinion regarding Safe Harbor earlier this week.

On September 17, 2015, the Seventh Circuit rejected Neiman Marcus’ petition for a rehearing en banc of Remijas v. Neiman Marcus Group, LLC, No. 14-3122. In Remijas, a Seventh Circuit panel found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following a 2013 data breach that resulted in hackers gaining access to customers’ credit and debit card information. No judge in regular active service requested a vote on the rehearing petition. Additionally, all members of the original panel voted to deny rehearing. As we previously reported, and according to The Practitioner's Handbook for Appeals to the United States Court of Appeals for the Seventh Circuit, “it is more likely to have a petition for writ of certiorari granted by the Supreme Court than to have a request for en banc consideration granted” in the Seventh Circuit.

On September 22, 2015, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Cloud Select Industry Group (“C-SIG”) Code of Conduct on data protection for Cloud Service Providers (the “Code”). In the Opinion, the Working Party analyzes the Code that was drafted by the Cloud Select Industry Group (the “C-SIG”).

On September 22, 2015, the Securities and Exchange Commission (“SEC”) announced a settlement order (the “Order”) with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert (the “Alert”) entitled Identity Theft, Data Breaches, and Your Investment Accounts.

On September 8, 2015, representatives from the U.S. Government and the European Commission initialed a draft agreement known as the Protection of Personal Information Relating to the Prevention, Investigation, Detection and Prosecution of Criminal Offenses (the “Umbrella Agreement”). The European Commission’s stated aim for the Umbrella Agreement is to put in place “a comprehensive high-level data protection framework for EU-U.S. law enforcement cooperation.” The Umbrella Agreement has been agreed upon amid the ongoing uncertainty over the future of the U.S.-EU Safe Harbor, and was drafted shortly before the release of the September 23 Advocate General’s Opinion in the Schrems v. Facebook litigation. The content of the Umbrella Agreement is in its final form, but its implementation is dependent upon revisions to U.S. law that are currently before Congress.