The Privacy, Data Protection and Cybersecurity Law Review
Editor
Alan Charles Raul
Law Business Research
Reproduced with permission from Law Business Research Ltd.
This article was first published in The Privacy, Data Protection and Cybersecurity Law Review - Edition 1 (published in November 2014 – editor Alan Charles Raul).
For further information please email Nick.Barette@
PUBLISHER
Gideon Roberton
BUSINESS DEVELOPMENT MANAGER
Nick Barette
SENIOR ACCOUNT MANAGERS
Katherine Jablonowska, Thomas Lee, James Spearing
ACCOUNT MANAGER
Felicity Bown
PUBLISHING COORDINATOR
Lucy Brewer
MARKETING ASSISTANT
Dominique Destrée
EDITORIAL ASSISTANT
Shani Bans
HEAD OF PRODUCTION AND DISTRIBUTION
Adam Myers
PRODUCTION EDITOR
Timothy Beaver
SUBEDITOR
Janina Godowska
MANAGING DIRECTOR
Richard Davey
Published in the United Kingdom by Law Business Research Ltd, London
87 Lancaster Road, London, W11 1QQ, UK
© 2014 Law Business Research Ltd
www.TheLawReviews.co.uk
No photocopying: copyright licences do not apply.
The information provided in this publication is general and may not apply in a specific situation, nor does it necessarily represent the views of authors’ firms or their clients. Legal advice should always be sought before taking any legal action based on the information provided. The publishers accept no responsibility for any acts or omissions contained herein. Although the information provided is accurate as of November 2014, be advised that this is a developing area.
Enquiries concerning reproduction should be sent to Law Business Research, at the address above. Enquiries concerning editorial content should be directed to the Publisher – gideon.roberton@
ISBN 978-1-909830-28-8
Printed in Great Britain by Encompass Print Solutions, Derbyshire
Tel: 0844 2480 112
ACKNOWLEDGEMENTS
The publisher acknowledges and thanks the following law firms for their learned assistance throughout the preparation of this book:
ASTREA
BALLAS, PELECANOS & ASSOCIATES LPC
BOGSCH & PARTNERS LAW FIRM
DUNAUD CLARENC COMBLES & ASSOCIÉS
ELIG, ATTORNEYS-AT-LAW
JONES DAY
KIM & CHANG
NNOVATION LLP
NOERR
PINHEIRO NETO ADVOGADOS
SANTAMARINA Y STETA, SC
SIDLEY AUSTIN LLP
SYNCH ADVOKAT AB
URÍA MENÉNDEZ ABOGADOS, SLP
WINHELLER RECHTSANWALTSGESELLSCHAFT MBH
CONTENTS
Editor's Preface
Alan Charles Raul
Chapter 1 EUROPEAN UNION OVERVIEW
William Long, Géraldine Scali and Alan Charles Raul
Chapter 2 APEC OVERVIEW
Catherine Valerio Barrad and Alan Charles Raul
Chapter 3 BELGIUM
Steven De Schrijver and Thomas Daenens
Chapter 4 BRAZIL
André Zonaro Giacchetta and Ciro Torres Freitas
Chapter 5 CANADA
Shaun Brown
Chapter 6 FRANCE
Merav Griguer
Chapter 7 GERMANY
Jens-Marwin Koch
Chapter 8 GREECE
George Ballas and Theodore Konstantakopoulos
Chapter 9 HONG KONG
Yuet Ming Tham and Joanne Mok
Chapter 10 HUNGARY
Tamás Gödölle and Péter Koczor
Chapter 11 ITALY
Stefano Macchi di Cellere
Chapter 12 JAPAN
Takahiro Nonaka
Chapter 13 KOREA
Jin Hwan Kim, Brian Tae-Hyun Chung, Jennifer S Keh and In Hwan Lee
Chapter 14 MEXICO
César G Cruz-Ayala and Diego Acosta-Chin
Chapter 15 RUSSIA
Vyacheslav Khayryuzov
Chapter 16 SINGAPORE
Yuet Ming Tham, Ijin Tan and Teena Zhang
Chapter 17 SPAIN
Cecilia Álvarez Rigaudias and Reyes Bermejo Bosch
Chapter 18 SWEDEN
Jim Runsten and Charlotta Emtefall
Chapter 19 TURKEY
Gönenç Gürkaynak and İlay Yılmaz
Chapter 20 UNITED KINGDOM
William Long and Géraldine Scali
Chapter 21 UNITED STATES
Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan
Appendix 1 ABOUT THE AUTHORS
Appendix 2 CONTRIBUTING LAW FIRMS' CONTACT DETAILS
EDITOR’S PREFACE
The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. In the United States, massive data breaches have vied with Edward Snowden and foreign state-sponsored hacking to make the biggest impression on both policymakers and the public. In Europe, the ‘right to be forgotten’, the draconian new penalties proposed in the draft Data Protection Regulation and the Snowden leaks, have significantly altered the policy landscape.
Moreover, the frenetic conversion of the global economy to an increasingly digital, internet-driven model is also stimulating a rapid change in privacy, data protection and cybersecurity laws and regulations. Governments are playing catch-up with technological innovation. It is reported that half the world’s population will be online by 2016 and the economies of emerging nations (except, perhaps, in Africa) are being developed directly through electronic commerce rather than taking the intermediate step of industrial growth as Western economies did. Growth and change in this area is accelerating, and rapid changes in law and policy are to be expected.
In France, whistle-blowing hotlines are meticulously regulated, but now, in certain key areas like financial fraud or corruption, advance authorisation for the hotlines is automatic under a 2014 legal amendment. In Singapore, 2014 saw the first enforcement matter under that country’s Personal Data Protection Act – imposing a financial penalty on a company that sent unsolicited telemarketing messages. In Russia, a new 2014 ‘forced localisation’ law requires data about Russians to be stored on servers in-country rather than wherever the data can be most efficiently managed and processed, and jurisdictions around the world have debated enacting such proposals. Interestingly, while notice of the location of the relevant servers must be provided to the Russian data protection authority, it is not clear whether the law prohibits personal data to be simultaneously stored both in-country and in foreign servers.
The European Union continues to seek to extend its model for data protection regulation around the world by deeming only countries that adopt the ‘omnibus’ legislative approach of the EU to be ‘adequate’ for data protection purposes. The EU model is not being universally endorsed, even outside the US and the Asia and Pacific Economic Cooperation (APEC) economies. But nonetheless, the EU’s constraints on international data transfers have substantially inhibited the ability of multinational companies to move personal data around the world efficiently for business purposes. In particular, conflicts with the US abound, exacerbated by the Snowden leaks regarding US government surveillance. One of the primary methods by which such EU–US data flows are facilitated, the US–EU Safe Harbor regime, has come under attack from EU parliamentarians who believe that such information will not be as carefully protected in the US and could become more susceptible to surveillance, despite the comparable surveillance authorities of EU intelligence agencies.
While policy conflicts over data protection appeared to be moderating before the Snowden leaks, afterwards, officials around the world professed to be so shocked that governments were conducting surveillance against possible terrorists that they appear to have decided that US consumer companies should pay the price. Some observers believe that digital trade protection, and the desire to promote regional or national ‘clouds’, play some role in the antagonism leveled against US internet and technology companies.
The fact that the US does not have an omnibus data protection law, and thus does not have a top-level privacy regulator or coordinator, means that it has been difficult for the US to explain and advocate for its approach to protecting personal information. This has allowed the EU to fill a perceived policy void by denying mutual recognition to US practices, and to impose significant extraterritorial regulatory constraints on American and other non-European businesses.
Nevertheless, it cannot be denied that privacy enforcement in the US is distinctly more aggressive and punitive than anywhere else in the world, including the EU. Substantial investigations and financial recoveries have been conducted and achieved by the Federal Trade Commission (which has comprehensive jurisdiction over consumer data and business practices), 50 state attorneys general (who have even broader jurisdiction over consumer protection and business acts and practices), private class action lawyers who can bring broad legal suits in federal and state courts, and a plethora of other federal and state agencies, such as the Consumer Financial Protection Bureau, the Federal Communications Commission, the Department of Health and Human Services (for medical and health-care data), the Department of Education, the Securities and Exchange Commission and various banking and insurance agencies.
In sum, there is no shortage of privacy regulators and enforcers in the US, Europe, and Asia. Enforcement in South America, as well as Africa and the Middle East, appears to be developing more slowly.
Trumping many other privacy concerns, however, is the spate of data breaches and hacking that have been epidemic and part of public discourse in the years following California’s enactment of the first data breach notification law in 2003. While the US appears (as a consequence of mandatory reporting) to be suffering the bulk of major cyberattacks – on retailers, financial institutions and companies with intellectual property worth stealing by foreign competitors or governments – it is also true that the US is leading the rest of the world on data breach notification laws and laws requiring that companies adopt affirmative data security safeguards for personal information.
For corporate and critical infrastructure networks and databases, the US has also led the way with a presidential executive order and the Cybersecurity Framework developed by the National Institute of Standards and Technology in the US Department of Commerce. The United Kingdom has also been a leader in this area, developing the UK Cyber Essentials programme, which will soon include an option for companies to be certified as compliant with the programme’s cybersecurity standards. The EU Parliament has also enacted cybersecurity directives, and the EU’s European Network and Information Security Agency has provided extensive and expert analysis, guidance and recommendations for promoting cybersecurity for EU-based organisations.
Despite attempts to implement baselines for cyber safeguards, it appears that no one is immune and no organisation is sufficiently protected to have any confidence that it can avoid being the victim of successful cyberattacks, particularly by the sophisticated hackers employed by state sponsors, organised crime, social hacktivists or determined, renegade insiders (like Snowden). Government agencies and highly resourced private companies have been unable to prevent their networks from being penetrated, and sometimes are likely to identify ‘advanced persistent threats’ months after the malware has begun executing its malicious purposes. This phenomenally destructive situation cannot obtain, and presumably some more effective solutions will have to be identified, developed and implemented. What those remedies will be, however, is not at all clear as 2014 yields to 2015.
In the coming year, it would seem plausible that there could be efforts at international cooperation on cybersecurity as well as cross-border enforcement against privacy violators. Enforcers in the EU, US and among the APEC economies, may increasingly agree to work together to promote the shared values embodied in the ‘fair information practices principles’ that are common to most national privacy regimes. In early 2014, a step in this direction was taken when APEC and the European Union’s Article 29 Working Party (on Data Protection) jointly released a framework by which international data transfers could be effectuated pursuant to the guidelines of both organisations.
Challenges and conflicts will continue to be factors with respect to: assurances of privacy protection ‘in the cloud’; common understandings of limits on and transparency of government access to personal data stored either in the cloud, or by internet companies and service providers; differences about how and when information can be collected in Europe (and perhaps some other countries) and transmitted to the US for civil discovery and law enforcement or regulatory purposes; freedom of expression for internet posts and publications; the ability of companies to market on the internet and to track – and profile – users online through cookies and other persistent identifiers; and the deployment of drones for commercial and governmental data acquisition purposes.
The biggest looming issue of them all, however, will likely be ‘big data’. This is a highly promising practice – based on data science and analytics – that collects and uses enormous quantities of disparate (and often unstructured) data, and applies creative new algorithms enabled by vastly cheaper and more powerful computer power and storage. Big data can discover helpful new patterns and make useful new predictions about health problems, civic needs, commercial efficiencies, and yes, consumer interests and preferences.
The potential social utility of big data has been unequivocally acknowledged by the US administration as well as by the key policymakers in the EU. But, big data challenges the existing privacy paradigm of notice and disclosure to individuals who are then free to make choices about how and when their data can be used and collected. Many existing and proposed applications of big data only work if the vast stores of data collected by today’s companies can be maintained and analysed irrespective of purpose limitations. Such limitations may have been relevant (and disclosed) at the point of collection, but no longer address the value of the data to companies and consumers who can benefit from big data applications. Numerous highly thoughtful reports by policymakers in the US and EU have noted concerns about the possibility that unfettered big data applications could result in hidden discrimination against certain demographic groups that might be difficult to identify and correct; or could result in undue profiling of individuals that might inhibit their autonomy, limit their financial, employment, insurance or even serendipitous choices, or possibly somehow encroach on their personal privacy (to the extent that otherwise aggregate or anonymous data can be re-identified).
This publication arrives at a time of enormous ferment for privacy, data protection and cybersecurity. Readers are invited to provide any suggestions for the next edition of this compendium, and we look forward to seeing how the many fascinating and consequential issues addressed here will evolve or develop in the next year.
Alan Charles Raul
Sidley Austin LLP
Washington, DC
November 2014
Chapter 21
UNITED STATES
Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan¹
OVERVIEW
Though not universally acknowledged, the United States’ commercial privacy regime is arguably the oldest, most robust, well developed and effective in the world. The United States’ privacy system has a relatively flexible and non-prescriptive nature, relying more on post hoc government enforcement and private litigation, and on the corresponding deterrent value of such enforcement and litigation, than on detailed prohibitions and rules. With certain notable exceptions, the US system does not apply a ‘precautionary principle’ to protect privacy, but rather, allows injured parties (and government agencies) to bring legal action to recover damages for, or enjoin, ‘unfair or deceptive’ business practices. However, US federal law does impose affirmative prohibitions and restrictions in certain commercial sectors, such as those involving financial and medical data, and electronic communications, as well as with respect to children’s privacy, background investigations and ‘consumer reports’ for credit or employment purposes, and certain other specific areas. State laws add numerous additional privacy requirements.
Legal protection of privacy in civil society has been recognised in the US common law since 1890 when the article ‘The Right to Privacy’ was published in the Harvard Law Review by Professors Samuel D Warren and Louis D Brandeis. Moreover, from its conception by Warren and Brandeis, the US system for protecting privacy in the commercial realm has been focused on addressing technological innovation. The Harvard professors astutely noted that ‘[r]ecent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual […] the right “to be let alone”’. In 1974, Congress enacted the federal Privacy Act, regulating government databases, and found that ‘the right to privacy is a personal and fundamental right protected by the Constitution of the United States’. It is generally acknowledged that the US Privacy Act represented the first official embodiment of the fair information principles and practices that have been incorporated in many other data protection regimes, including the European Union’s 1995 Data Protection Directive.
1 Alan Charles Raul is a partner and Tasha D Manoranjan and Vivek Mohan are associates at Sidley Austin LLP. Passages of this chapter were originally published in ‘Privacy and data protection in the United States’, The Debate on privacy and security over the network: Regulation and markets, 2012, Fundación Telefónica; and Raul and Mohan, ‘The Strength of the U.S. Commercial Privacy Regime’, 31 March 2014, a memorandum to the Big Data Study Group, US Office of Science and Technology Policy.
The US has also led the way for the world not only on establishing model legal data protection standards in the 1974 Privacy Act, but also in terms of imposing affirmative data breach notification and information security requirements on private entities that collect or process personal data from consumers, employees and other individuals. The state of California was the path breaker on data security and data breach notification by first requiring in 2003 that companies notify individuals whose personal information was compromised or improperly acquired. Since then, approximately 47 states, the District of Columbia and other US jurisdictions, and the federal banking, health-care and communications agencies have also required companies to provide mandatory data breach notification to affected individuals, and imposed affirmative administrative, technical and physical safeguards to protect the security of sensitive personal information. Dozens of other medical and financial privacy laws also exist in various states. There is, however, no single omnibus federal privacy law in the US. Moreover, there is no designated central data protection authority in the US, though the Federal Trade Commission (FTC) has essentially assumed that role for consumer privacy. The FTC is independent of the President, and is not obliged (though it is encouraged) to respect the Administration’s perspective on the proper balance between costs and benefits with respect to protecting data privacy.
As in the EU and elsewhere, privacy and data protection are balanced in the US in accordance with other rights and interests that societies need to prosper and flourish, namely, economic growth and efficiency, technological innovation, property and free speech rights and, of course, the values of promoting human dignity and personal autonomy. The most significant factor in counterbalancing privacy protections in the US, perhaps, is the right to freedom of expression guaranteed by the First Amendment. Preserving free speech rights for everyone certainly entails complications for a ‘right to be forgotten’ since one person’s desire for oblivion may run counter to another’s sense of nostalgia (or some other desire to memorialise the past for good or ill).
The First Amendment has also been interpreted to protect the people’s right to know information of public concern or interest, even if it trenches to some extent on individual privacy. Companies have also been deemed to have a First Amendment right to communicate relatively freely with their customers by exchanging information in both directions (subject to the information being truthful, not misleading, and otherwise not the subject of an unfair or deceptive business practice).
The dynamic and robust system of privacy governance in the United States marshals the combined focus and enforcement muscle of the US Federal Trade Commission, state attorneys general, the Federal Communications Commission, the Securities and Exchange Commission, the Consumer Financial Protection Bureau (and other financial and banking regulators), the Department of Health and Human Services, the Department of Education, the judicial system, and last – but certainly not least – the highly motivated and aggressive US plaintiffs’ bar. Taken together, this enforcement ecosystem has proven to be nimble, flexible, and effective in adapting to rapidly changing technological developments and practices, responding to evolving consumer and citizen expectations, and serving as a meaningful agent of deterrence and accountability. Indeed, the US enforcement and litigation-based approach appears to be particularly well suited to deal with ‘recent inventions and business methods’ – namely, new technologies and modes of commerce – that pose ever changing opportunities and unpredictable privacy challenges.
THE YEAR IN REVIEW
As with nearly every other area of recent legislative activity in Washington, Congress has not been able to act on privacy, consumer data security, data breach notification or cybersecurity legislation. While the Administration of President Obama has called upon Congress to enact a ‘Consumer Privacy Bill of Rights’ and legislation to help protect cybersecurity for ‘critical infrastructure’, partisan gridlock, as well as concern about over-regulating the private sector, has stalled action. The congressional stalemate was considerably shaken up, however, when former National Security Agency (NSA) contractor Edward Snowden leaked information regarding US government surveillance programmes to The Guardian and The Washington Post in the summer of 2013. This sparked a media frenzy around various NSA surveillance programmes. Some of the allegations concerned unauthorised surveillance of US citizens or foreign intelligence targets within the United States, while others suggested widespread surveillance outside the US.
As a result of these disclosures, foreign governments, including within the European Union, expressed concern regarding the breadth of NSA surveillance outside the United States. For example, the EU Article 29 Working Party sent a letter to EU Justice Commissioner Viviane Reding suggesting a possible investigation of violations by the US of the EU’s data protection rules.²
The media and political firestorm surrounding the Snowden disclosures has led the executive branch to introduce proposals regarding NSA and commercial data collection processes. In addition to its proposals for reforms of the government’s bulk metadata surveillance, the White House has also issued reports and recommendations for data collection in the private big data sector. Following closely on this, on 29 May the FTC issued a much anticipated report on big data that heavily criticised the lack of transparency in the data brokering industry, offered recommendations for consumer control of information and advocated for broad legislation that would not only create obligations for analytics companies, but also for retailers that may provide them with information. Significantly, however, the report does not suggest that any current data broker practices are illegal under existing law.
2 See Jacob Kohnstamm, Chairman of EU Article 29 Working Party, letter to Viviane Reding (13 August 2013), available at http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2013/20130813_letter_to_vp_reding_final_en.pdf.
Cybersecurity remains a hot topic, although expectations for congressional action remain uncertain. Legislative action in the states continues, with Kentucky becoming the 47th state to have passed data breach notification legislation. Several states have also amended existing laws to expand breach obligations.
FTC actions
The FTC announced on 21 January 2014 that it had entered into no-fault consent orders with 12 companies that allegedly claimed they were in compliance with the US–EU and US–Switzerland Safe Harbor programmes when in fact their certifications had lapsed. The agreement covers several large businesses, including three NFL football teams and Level 3 Communications LLC, one of the largest internet service providers in the world. The Safe Harbor programme requires companies to annually re-certify their compliance with the Safe Harbor framework. The FTC charged that by including statements in t