On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and … Continue Reading
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European … Continue Reading
Last week the European Commission's panel on privacy, commonly known as the Article 29 Working Party, provided long-awaited clarity (in the form of an "Opinion") on whether and how European governments and private enterprise can utilize cloud computing technology in their operations, including processing personal information and other protected data.
Cloud computing is a broad term that varies in context and has been subject to hype, but generally refers to technologies and service models allowing the sharing of on-demand scalable computer resources over the internet, including software programs, computer storage space and elastic computing power. Implementing IaaS systems has allowed companies and governments to significantly reduce capital expenditures by eliminating the need for purchase and maintenance of computer infrastructure equipment. Cloud services also allow for rapid remote deployment of software and network solutions. Additionally, cloud services enable organizations to decrease reliance on developing sophisticated in-house staff since major cloud providers have trained experts monitoring the computing environment.
But, because cloud computing leverages the internet and computing resources in geographically disparate locations, the technologies present serious privacy and data security risks. In addressing this fundamental concern the Opinion indicates that the principal risks are a potential lack of control over data and limited transparency into its processing. A cloud provider's infrastructure can seem opaque and lacking information ensuring the "availability, integrity, confidentiality, transparency, isolation, intervenability and portability of the data". Additionally, due to the collaborative nature of cloud computing, customers may not be aware of subcontractors in the supply chain handling their data. With due respect to the data security risk, many observers consider this to be the great triumph of cloud compuing - that is that is simply "works" without its users having to worry about the back-end.… Continue Reading
Last week we reviewed recent tracking litigation. As part of our ongoing focus on behavioral advertising, below is a summary of recent developments regarding Do Not Track legislation, industry self-regulatory efforts in the United States and abroad, and the FTC’s plan to update its Dot Com Disclosures guidelines. FTC Commissioner J. Thomas Rosch, concerned with … Continue Reading
A recent national survey of smartphone users, not surprisingly, revealed that privacy, transparency, choice, and control are important considerations for users. Indeed, many users indicated that they want more choices and easier access to controls regarding advertising tracking and geolocation data. Legislators and consumer advocacy groups are taking heed. On May 10, 2011, the Senate … Continue Reading