On June 12, 2009 the Article 29 Data Protection Working Party adopted an opinion regarding its expectations for operators, application providers and users of social networking services – including those based outside the EU – to meet the requirements of EU data protection law. See WP 163, “ Opinion 5/2009 on online social networking.”
|
A report commissioned by the Office of the Privacy Commissioner of Canada concludes that Canada's Personal Information Protection and Electronic Document Act (PIPEDA) applies to Second Life, a massively multiplayer online game (MMOG) operated by Linden Lab, which is based in San Francisco, California. The report also concludes that the centralized collection of content, personal information, and "player data" in Second Life, and other MMOGs, may raise significant privacy concerns. The original report, written by a law student at the University of Ottawa, is available here. The Office of the Privacy Commissioner of Canada is inviting responses to the report on its blog.
|
|
|
The New York Times reported today that diplomats from the EU and the US may be nearing agreement on a "binding international agreement" to enable law enforcement and security agencies to obtain and process personal data from the EU without the restrictions that are currently placed on the onward transfer of personal data from the EU to the US. Will this agreement eliminate the frustrating compliance hurdles for private companies doing business in the EU?
|
UPDATED: June 26, 2008 11:23 PM.
The Bush Administration announced today that it will lift longstanding economic sanctions against North Korea in response to North Korea's release of a 60-page declaration on its nuclear program. While the pundits wrangle over the politics, companies that were formerly restricted in business dealings with North Korea by the Office of Foreign Asset Controls ("OFAC") may begin transacting business in and with North Korea effective immediately. But there is a catch . . .
|
Regulators in the United States and the European Union take very different approaches to the nature of IP addresses in data protection law. The United States' regulatory system does not generally treat IP addresses as personal data. The European Union-level administrative position, however, is that IP addresses constitute personal data when they can be linked to an individual user.
|
October 24, 2007 | Posted by Contributor
The U.S. Department of Commerce hosted a conference entitled “Conference on Cross Border Data Flows, Data Protection, and Privacy” in Washington, DC on October 15 and 16.
|
On August 5, 2007, President Bush signed the "Protect America Act of 2007." The Act amends the Foreign Intelligence Surveillance Act of 1978 such that surveillance directed at a person reasonably believed to be located outside the United States no longer requires a government application to, and order issuing from, the FISA Court. Under the Act, communications can be monitored (i.e., intercepted) in real time or reviewed after receipt and storage, for example, in the case of email. The Act provides procedures for the government to issue directives to providers to provide data or assistance, for the government to seek an order to compel provider compliance from the FISA Court, and for the recipient of a directive to seek relief from the FISA Court from an unlawful or overly burdensome directive. Under the Act, providers receive cost reimbursement and full immunity from civil suits for compliance with any directive.
|
Priceline, Travelocity and Cingular Wireless each contracted with DirectRevenue LLC to deliver ads to consumers. To service its clients (including Priceline, Travelocity and Cingular Wireless), DR installed adware on millions of computers. The adware, which was undisclosed to users and difficult to remove, monitored the websites visited by the users and collected the information they typed into web forms. The NY AG filed a law suit alleging that DirectRevenue had violated New York consumer protection law, then pursued DirectRevenue's three major advertiser clients.
|