Privacy

Subscribe to Privacy via RSS

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users (the “Draft Guidelines”). The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish rules for consent.

The Draft Guidelines are open for public consultation until October 19, 2020. Interested companies can submit their comments to the EDPB.
Continue Reading EDPB Issues Guidelines on Social Media Targeting Under GDPR

Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the European Court of Justice (ECJ) to invalidate the EU-U.S. Privacy Shield framework (Schrems 2.0). Below we summarize some of the main reactions.

The EDPB is working on a set of FAQs that will hopefully provide some level of clarification on key issues that companies now face. The EDPB is meeting on July 22 and 23, and we expect the FAQs to be published shortly thereafter. We will report on these FAQs as soon as they are issued.
Continue Reading Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment

On July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield framework (Privacy Shield) invalid. The ECJ upheld the EU Standard Contractual Clauses (SCCs), but ruled that companies must verify prior to any transfer using SCCs that the parties can effectively provide the level of protection required by EU law.
Continue Reading ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses

In Liu v. Securities & Exchange Commission,1 the Supreme Court upheld, but circumscribed, the Securities and Exchange Commission’s (SEC’s) disgorgement authority by holding 8-1 that the SEC may seek disgorgement through its equitable relief power only if the award does not exceed a wrongdoer’s net profits and is awarded to victims. Although this decision is important in its own right, the Court’s underlying reasoning also has significant ramifications on a similar question regarding the Federal Trade Commission’s (FTC’s) power to obtain equitable monetary relief under 15 U.S.C. § 53(b) (Section 13(b) of the FTC Act).
Continue Reading Liu v. SEC: Foreshadowing a Challenge to the FTC’s Disgorgement Authority

On June 30, 2020 the Federal Trade Commission (FTC) announced that it reached a settlement in its litigation against NTT Global Data Centers (formerly RagingWire Data Centers) over allegations that the company misled customers about its adherence to the EU-U.S. Privacy Shield framework.1 As part of the settlement, the cloud service provider is required to hire a third-party assessor to annually verify its compliance with the Privacy Shield if it chooses to participate in the framework.2 As noted by three commissioners, this order is “more protective of the Privacy Shield Principles than the 14 orders [the] Commission … has approved in prior Privacy Shield Cases.”3
Continue Reading FTC Announces Unusually Stringent Consent Order in Privacy Shield Case Settlement

On June 19, 2020, the Federal Trade Commission (FTC) submitted to Congress two reports that Congress requested in connection with the spending bill that funds the FTC. One of these reports (the “Resources Report”) describes the resources used and needed by the FTC to protect consumer privacy and security, and the second (the “Authorities Report”) describes the FTC’s use of its existing authorities to protect consumer privacy and security.
Continue Reading FTC Outlines Potential Changes to Enhance Privacy and Security Enforcement Efforts If Given More Resources