The Privacy, Data Protection and Cybersecurity Law Review
Editor
Alan Charles Raul
Law Business Research
Reproduced with permission from Law Business Research Ltd.
This article was first published in The Privacy, Data Protection and Cybersecurity Law Review - Edition 1 (published in November 2014 – editor Alan Charles Raul).
For further information please email Nick.Barette@
PUBLISHER
Gideon Roberton
BUSINESS DEVELOPMENT MANAGER
Nick Barette
SENIOR ACCOUNT MANAGERS
Katherine Jablonowska, Thomas Lee, James Spearing
ACCOUNT MANAGER
Felicity Bown
PUBLISHING COORDINATOR
Lucy Brewer
MARKETING ASSISTANT
Dominique Destrée
EDITORIAL ASSISTANT
Shani Bans
HEAD OF PRODUCTION AND DISTRIBUTION
Adam Myers
PRODUCTION EDITOR
Timothy Beaver
SUBEDITOR
Janina Godowska
MANAGING DIRECTOR
Richard Davey
Published in the United Kingdom by Law Business Research Ltd, London
87 Lancaster Road, London, W11 1QQ, UK
© 2014 Law Business Research Ltd
www.TheLawReviews.co.uk
No photocopying: copyright licences do not apply.
The information provided in this publication is general and may not apply in a specific situation, nor does it necessarily represent the views of authors’ firms or their clients. Legal advice should always be sought before taking any legal action based on the information provided. The publishers accept no responsibility for any acts or omissions contained herein. Although the information provided is accurate as of November 2014, be advised that this is a developing area.
Enquiries concerning reproduction should be sent to Law Business Research, at the address above. Enquiries concerning editorial content should be directed to the Publisher – gideon.roberton@
ISBN 978-1-909830-28-8
Printed in Great Britain by Encompass Print Solutions, Derbyshire
Tel: 0844 2480 112
ACKNOWLEDGEMENTS
The publisher acknowledges and thanks the following law firms for their learned assistance throughout the preparation of this book:
ASTREA
BALLAS, PELECANOS & ASSOCIATES LPC
BOGSCH & PARTNERS LAW FIRM
DUNAUD CLARENC COMBLES & ASSOCIÉS
ELIG, ATTORNEYS-AT-LAW
JONES DAY
KIM & CHANG
NNOVATION LLP
NOERR
PINHEIRO NETO ADVOGADOS
SANTAMARINA Y STETA, SC
SIDLEY AUSTIN LLP
SYNCH ADVOKAT AB
URÍA MENÉNDEZ ABOGADOS, SLP
WINHELLER RECHTSANWALTSGESELLSCHAFT MBH
CONTENTS
Editor's Preface
Alan Charles Raul
Chapter 1 EUROPEAN UNION OVERVIEW
William Long, Géraldine Scali and Alan Charles Raul
Chapter 2 APEC OVERVIEW
Catherine Valerio Barrad and Alan Charles Raul
Chapter 3 BELGIUM
Steven De Schrijver and Thomas Daenens
Chapter 4 BRAZIL
André Zonaro Giacchetta and Ciro Torres Freitas
Chapter 5 CANADA
Shaun Brown
Chapter 6 FRANCE
Merav Griguer
Chapter 7 GERMANY
Jens-Marwin Koch
Chapter 8 GREECE
George Ballas and Theodore Konstantakopoulos
Chapter 9 HONG KONG
Yuet Ming Tham and Joanne Mok
Chapter 10 HUNGARY
Tamás Gödölle and Péter Koczor
Chapter 11 ITALY
Stefano Macchi di Cellere
Chapter 12 JAPAN
Takahiro Nonaka
Chapter 13 KOREA
Jin Hwan Kim, Brian Tae-Hyun Chung, Jennifer S Keh and In Hwan Lee
Chapter 14 MEXICO
César G Cruz-Ayala and Diego Acosta-Chin
Chapter 15 RUSSIA
Vyacheslav Khayryuzov
Chapter 16 SINGAPORE
Yuet Ming Tham, Ijin Tan and Teena Zhang
Chapter 17 SPAIN
Cecilia Álvarez Rigaudias and Reyes Bermejo Bosch
Chapter 18 SWEDEN
Jim Runsten and Charlotta Emtefall
Chapter 19 TURKEY
Gönenç Gürkaynak and İlay Yılmaz
Chapter 20 UNITED KINGDOM
William Long and Géraldine Scali
Chapter 21 UNITED STATES
Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan
Appendix 1 ABOUT THE AUTHORS
Appendix 2 CONTRIBUTING LAW FIRMS' CONTACT DETAILS
EDITOR’S PREFACE
The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. In the United States, massive data breaches have vied with Edward Snowden and foreign state-sponsored hacking to make the biggest impression on both policymakers and the public. In Europe, the ‘right to be forgotten’, the draconian new penalties proposed in the draft Data Protection Regulation and the Snowden leaks, have significantly altered the policy landscape.
Moreover, the frenetic conversion of the global economy to an increasingly digital, internet-driven model is also stimulating a rapid change in privacy, data protection and cybersecurity laws and regulations. Governments are playing catch-up with technological innovation. It is reported that half the world’s population will be online by 2016 and the economies of emerging nations (except, perhaps, in Africa) are being developed directly through electronic commerce rather than taking the intermediate step of industrial growth as Western economies did. Growth and change in this area is accelerating, and rapid changes in law and policy are to be expected.
In France, whistle-blowing hotlines are meticulously regulated, but now, in certain key areas like financial fraud or corruption, advance authorisation for the hotlines is automatic under a 2014 legal amendment. In Singapore, 2014 saw the first enforcement matter under that country’s Personal Data Protection Act – imposing a financial penalty on a company that sent unsolicited telemarketing messages. In Russia, a new 2014 ‘forced localisation’ law requires data about Russians to be stored on servers in-country rather than wherever the data can be most efficiently managed and processed, and jurisdictions around the world have debated enacting such proposals. Interestingly, while notice of the location of the relevant servers must be provided to the Russian data protection authority, it is not clear whether the law prohibits personal data to be simultaneously stored both in-country and in foreign servers.
The European Union continues to seek to extend its model for data protection regulation around the world by deeming only countries that adopt the ‘omnibus’ legislative approach of the EU to be ‘adequate’ for data protection purposes. The EU model is not being universally endorsed, even outside the US and the Asia and Pacific Economic Cooperation (APEC) economies. But nonetheless, the EU’s constraints on international data transfers have substantially inhibited the ability of multinational companies to move personal data around the world efficiently for business purposes. In particular, conflicts with the US abound, exacerbated by the Snowden leaks regarding US government surveillance. One of the primary methods by which such EU–US data flows are facilitated, the US–EU Safe Harbor regime, has come under attack from EU parliamentarians who believe that such information will not be as carefully protected in the US and could become more susceptible to surveillance, despite the comparable surveillance authorities of EU intelligence agencies.
While policy conflicts over data protection conflicts appeared to be moderating before the Snowden leaks, afterwards, officials around the world professed to be so shocked that governments were conducting surveillance against possible terrorists that they appear to have decided that US consumer companies should pay the price. Some observers believe that digital trade protection, and the desire to promote regional or national ‘clouds’, play some role in the antagonism leveled against US internet and technology companies.
The fact that the US does not have an omnibus data protection law, and thus does not have a top-level privacy regulator or coordinator, means that it has been difficult for the US to explain and advocate for its approach to protecting personal information. This has allowed the EU to fill a perceived policy void by denying mutual recognition to US practices, and to impose significant extraterritorial regulatory constraints on American and other non-European businesses.
Nevertheless, it cannot be denied that privacy enforcement in the US is distinctly more aggressive and punitive than anywhere else in the world, including the EU. Substantial investigations and financial recoveries have been conducted and achieved by the Federal Trade Commission (which has comprehensive jurisdiction over consumer data and business practices), 50 state attorneys general (who have even broader jurisdiction over consumer protection and business acts and practices), private class action lawyers who can bring broad legal suits in federal and state courts, and a plethora of other federal and state agencies, such as the Consumer Financial Protection Bureau, the Federal Communications Commission, the Department of Health and Human Services (for medical and health-care data), the Department of Education, the Securities and Exchange Commission and various banking and insurance agencies.
In sum, there is no shortage of privacy regulators and enforcers in the US, Europe, and Asia. Enforcement in South America, as well as Africa and the Middle East, appears to be developing more slowly.
Trumping many other privacy concerns, however, is the spate of data breaches and hacking that have been epidemic and part of public discourse in the years following California’s enactment of the first data breach notification law in 2003. While the US appears (as a consequence of mandatory reporting) to be suffering the bulk of major cyberattacks – on retailers, financial institutions and companies with intellectual property worth stealing by foreign competitors or governments – it is also true that the US is leading the rest of the world on data breach notification laws and laws requiring that companies adopt affirmative data security safeguards for personal information.
For corporate and critical infrastructure networks and databases, the US has also led the way with a presidential executive order and the Cybersecurity Framework developed by the National Institute of Standards and Technology in the US Department of Commerce. The United Kingdom has also been a leader in this area, developing the UK Cyber Essentials programme, which will soon include an option for companies to be certified as compliant with the programme’s cybersecurity standards. The EU Parliament has also enacted cybersecurity directives, and the EU’s European Network and Information Security Agency has provided extensive and expert analysis, guidance and recommendations for promoting cybersecurity for EU-based organisations.
Despite attempts to implement baselines for cyber safeguards, it appears that no one is immune and no organisation is sufficiently protected to have any confidence that it can avoid being the victim of successful cyberattacks, particularly by the sophisticated hackers employed by state sponsors, organised crime, social hacktivists or determined, renegade insiders (like Snowden). Government agencies and highly resourced private companies have been unable to prevent their networks from being penetrated, and sometimes are likely to identify ‘advanced persistent threats’ months after the malware has begun executing its malicious purposes. This phenomenally destructive situation cannot obtain, and presumably some more effective solutions will have to be identified, developed and implemented. What those remedies will be, however, is not at all clear as 2014 yields to 2015.
In the coming year, it would seem plausible that there could be efforts at international cooperation on cybersecurity as well as cross-border enforcement against privacy violators. Enforcers in the EU, US and among the APEC economies, may increasingly agree to work together to promote the shared values embodied in the ‘fair information practices principles’ that are common to most national privacy regimes. In early 2014, a step in this direction was taken when APEC and the European Union’s Article 29 Working Party (on Data Protection) jointly released a framework by which international data transfers could be effectuated pursuant to the guidelines of both organisations.
Challenges and conflicts will continue to be factors with respect to: assurances of privacy protection ‘in the cloud’; common understandings of limits on and transparency of government access to personal data stored either in the cloud, or by internet companies and service providers; differences about how and when information can be collected in Europe (and perhaps some other countries) and transmitted to the US for civil discovery and law enforcement or regulatory purposes; freedom of expression for internet posts and publications; the ability of companies to market on the internet and to track – and profile – users online through cookies and other persistent identifiers; and the deployment of drones for commercial and governmental data acquisition purposes.
The biggest looming issue of them all, however, will likely be ‘big data’. This is a highly promising practice – based on data science and analytics – that collects and uses enormous quantities of disparate (and often unstructured) data, and applies creative new algorithms enabled by vastly cheaper and more powerful computer power and storage. Big data can discover helpful new patterns and make useful new predictions about health problems, civic needs, commercial efficiencies, and yes, consumer interests and preferences.
The potential social utility of big data has been unequivocally acknowledged by the US administration as well as by the key policymakers in the EU. But, big data challenges the existing privacy paradigm of notice and disclosure to individuals who are then free to make choices about how and when their data can be used and collected. Many existing and proposed applications of big data only work if the vast stores of data collected by today’s companies can be maintained and analysed irrespective of purpose limitations. Such limitations may have been relevant (and disclosed) at the point of collection, but no longer address the value of the data to companies and consumers who can benefit from big data applications. Numerous highly thoughtful reports by policymakers in the US and EU have noted concerns about the possibility that unfettered big data applications could result in hidden discrimination against certain demographic groups that might be difficult to identify and correct; or could result in undue profiling of individuals that might inhibit their autonomy, limit their financial, employment, insurance or even serendipitous choices, or possibly somehow encroach on their personal privacy (to the extent that otherwise aggregate or anonymous data can be re-identified).
This publication arrives at a time of enormous ferment for privacy, data protection and cybersecurity. Readers are invited to provide any suggestions for the next edition of this compendium, and we look forward to seeing how the many fascinating and consequential issues addressed here will evolve or develop in the next year.
Alan Charles Raul
Sidley Austin LLP
Washington, DC
November 2014
Chapter 21
UNITED STATES
Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan¹
OVERVIEW
Though not universally acknowledged, the United States’ commercial privacy regime is arguably the oldest, most robust, well developed and effective in the world. The United States’ privacy system has a relatively flexible and non-prescriptive nature, relying more on post hoc government enforcement and private litigation, and on the corresponding deterrent value of such enforcement and litigation, than on detailed prohibitions and rules. With certain notable exceptions, the US system does not apply a ‘precautionary principle’ to protect privacy, but rather, allows injured parties (and government agencies) to bring legal action to recover damages for, or enjoin, ‘unfair or deceptive’ business practices. However, US federal law does impose affirmative prohibitions and restrictions in certain commercial sectors, such as those involving financial and medical data, and electronic communications, as well as with respect to children’s privacy, background investigations and ‘consumer reports’ for credit or employment purposes, and certain other specific areas. State laws add numerous additional privacy requirements.
Legal protection of privacy in civil society has been recognised in the US common law since 1890 when the article ‘The Right to Privacy’ was published in the Harvard Law Review by Professors Samuel D Warren and Louis D Brandeis. Moreover, from its conception by Warren and Brandeis, the US system for protecting privacy in the commercial realm has been focused on addressing technological innovation. The Harvard professors astutely noted that ‘[r]ecent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual […] the right “to be let alone”’. In 1974, Congress enacted the federal Privacy Act, regulating government databases, and found that ‘the right to privacy is a personal and fundamental right protected by the Constitution of the United States’. It is generally acknowledged that the US Privacy Act represented the first official embodiment of the fair information principles and practices that have been incorporated in many other data protection regimes, including the European Union’s 1995 Data Protection Directive.
1 Alan Charles Raul is a partner and Tasha D Manoranjan and Vivek Mohan are associates at Sidley Austin LLP. Passages of this chapter were originally published in ‘Privacy and data protection in the United States’, The Debate on privacy and security over the network: Regulation and markets, 2012, Fundación Telefónica; and Raul and Mohan, ‘The Strength of the U.S. Commercial Privacy Regime’, 31 March 2014, a memorandum to the Big Data Study Group, US Office of Science and Technology Policy.
The US has also led the way for the world not only on establishing model legal data protection standards in the 1974 Privacy Act, but also in terms of imposing affirmative data breach notification and information security requirements on private entities that collect or process personal data from consumers, employees and other individuals. The state of California was the pathbreaker on data security and data breach notification by first requiring in 2003 that companies notify individuals whose personal information was compromised or improperly acquired. Since then, approximately 47 states, the District of Columbia and other US jurisdictions, and the federal banking, health-care and communications agencies have also required companies to provide mandatory data breach notification to affected individuals, and imposed affirmative administrative, technical and physical safeguards to protect the security of sensitive personal information. Dozens of other medical and financial privacy laws also exist in various states. There is, however, no single omnibus federal privacy law in the US. Moreover, there is no designated central data protection authority in the US, though the Federal Trade Commission (FTC) has essentially assumed that role for consumer privacy. The FTC is independent of the President, and is not obliged (though it is encouraged) to respect the Administration’s perspective on the proper balance between costs and benefits with respect to protecting data privacy.
As in the EU and elsewhere, privacy and data protection are balanced in the US in accordance with other rights and interests that societies need to prosper and flourish, namely, economic growth and efficiency, technological innovation, property and free speech rights and, of course, the values of promoting human dignity and personal autonomy. The most significant factor in counterbalancing privacy protections in the US, perhaps, is the right to freedom of expression guaranteed by the First Amendment. Preserving free speech rights for everyone certainly entails complications for a ‘right to be forgotten’ since one person’s desire for oblivion may run counter to another’s sense of nostalgia (or some other desire to memorialise the past for good or ill).
The First Amendment has also been interpreted to protect the people’s right to know information of public concern or interest, even if it trenches to some extent on individual privacy. Companies have also been deemed to have a First Amendment right to communicate relatively freely with their customers by exchanging information in both directions (subject to the information being truthful, not misleading, and otherwise not the subject of an unfair or deceptive business practice).
The dynamic and robust system of privacy governance in the United States marshals the combined focus and enforcement muscle of the US Federal Trade Commission, state attorneys general, the Federal Communications Commission, the Securities and Exchange Commission, the Consumer Financial Protection Bureau (and other financial and banking regulators), the Department of Health and Human Services, the Department of Education, the judicial system, and last – but certainly not least – the highly motivated and aggressive US plaintiffs’ bar. Taken together, this enforcement ecosystem has proven to be nimble, flexible, and effective in adapting to rapidly changing technological developments and practices, responding to evolving consumer and citizen expectations, and serving as a meaningful agent of deterrence and accountability. Indeed, the US enforcement and litigation-based approach appears to be particularly well suited to deal with ‘recent inventions and business methods’ – namely, new technologies and modes of commerce – that pose ever changing opportunities and unpredictable privacy challenges.
THE YEAR IN REVIEW
As with nearly every other area of recent legislative activity in Washington, Congress has not been able to act on privacy, consumer data security, data breach notification or cybersecurity legislation. While the Administration of President Obama has called upon Congress to enact a ‘Consumer Privacy Bill of Rights’ and legislation to help protect cybersecurity for ‘critical infrastructure’, partisan gridlock, as well as concern about over-regulating the private sector, has stalled action. The congressional stalemate was considerably shaken up, however, when former National Security Agency (NSA) contractor Edward Snowden leaked information regarding US government surveillance programmes to The Guardian and The Washington Post in the summer of 2013. This sparked a media frenzy around various NSA surveillance programmes. Some of the allegations concerned unauthorised surveillance of US citizens or foreign intelligence targets within the United States, while others suggested widespread surveillance outside the US.
As a result of these disclosures, foreign governments, including within the European Union, expressed concern regarding the breadth of NSA surveillance outside the United States. For example, the EU Article 29 Working Party sent a letter to EU Justice Commissioner Viviane Reding suggesting a possible investigation of violations by the US of the EU’s data protection rules.²
The media and political firestorm surrounding the Snowden disclosures has led the executive branch to introduce proposals regarding NSA and commercial data collection processes. In addition to its proposals for reforms of the government’s bulk metadata surveillance, the White House has also issued reports and recommendations for data collection in the private big data sector. Following closely on this, on 29 May the FTC issued a much anticipated report on big data that heavily criticised the lack of transparency in the data brokering industry, offered recommendations for consumer control of information and advocated for broad legislation that would not only create obligations for analytics companies, but also for retailers that may provide them with information. Significantly, however, the report does not suggest that any current data broker practices are illegal under existing law.
2 See Jacob Kohnstamm, Chairman of EU Article 29 Working Party, letter to Viviane Reding (13 August 2013), available at http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2013/20130813_letter_to_vp_reding_final_en.pdf.
Cybersecurity remains a hot topic, although expectations for congressional action remain uncertain. Legislative action in the states continues, with Kentucky becoming the 47th state to have passed data breach notification legislation. Several states have also amended existing laws to expand breach obligations.
FTC actions
The FTC announced on 21 January 2014 that it had entered into no-fault consent orders with 12 companies that allegedly claimed they were in compliance with the US–EU and US–Switzerland Safe Harbor programmes when in fact their certifications had lapsed. The agreement covers several large businesses, including three NFL football teams and Level 3 Communications LLC, one of the largest internet service providers in the world. The Safe Harbor programme requires companies to annually re-certify their compliance with the Safe Harbor framework. The FTC charged that by including statements in t