October 25, 2012
I've been invited by the University of Oxford
October 18, 2012
French Regulator Says Google Violates EU Privacy Rules
April 19, 2012
KOREAN NEW DATA PROTECTION ACT
March 17, 2012
TAIWAN'S NEW DATA PROTECTION ACT
The PDPA does not provide for single oversight body and does not create a data protection authority. Enforcement is left to the Ministries responsible for each industry sector. The Act in chapter V provides for provisions on the criminal offences. Interestingly, like the Korean new law, the PDPA allows damages action as well as class action be taken companies and organisations.
March 16, 2012
Lawmakers Focus on Cyberattacks on Infrastructure
During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago. The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.
Read the article: http://gigalaw.com/2012/03/14/lawmakers-focus-on-cyberattacks-on-infrastructure/ (Source: The New York Times)
March 1, 2012
French Agency Says Google’s Privacy Policy May Be Illegal
The French data protection authority said that Google’s new privacy policy appeared to violate European Union law, raising the stakes in a showdown with the company only days before it planned to put the new system into effect. Google announced the new policy last month, billing it as a way to streamline and simplify the privacy practices it employed worldwide across about 60 different online services, and to introduce greater clarity for users.
Read the article: http://gigalaw.com/2012/02/28/french-agency-says-googles-privacy-policy-may-be-illegal/ (Source: The New York Times)
February 23, 2012
British Judge Allows Serving Claims via Facebook
Legal authorities said that a High Court judge in England has approved the use of Facebook to serve legal claims. Lawyers in a commercial dispute were granted permission to serve a suit against a defendant via the popular social networking site.
Read the article: http://gigalaw.com/2012/02/21/british-judge-allows-serving-claims-via-facebook/ (Source: The Washington Post)
January 29, 2012
THE PROPOSED PHILIPPINES DATA PRIVACY ACT
Professor Abu Bakar Munir
In June 2011, the Philippines House of Representatives passed the Data Privacy Bill. Subsequently, the proposed law was considered by the Senate in its second regular session and some changes were adopted. Understandably, the proposed law seeks to protect personal information. Like the data protection laws around the world, the suggested Act, in both versions, specify the privacy or data protection principles, rights of the data subjects, and penalties for the breach of the law.
Under the General Data Privacy Principles, the processing of personal information must be based on the principles of transparency, legitimate purpose and proportionality. Specifically, personal information must be collected for specified and legitimate purpose. The personal information must be relevant, accurate, adequate and not excessive for the purposes that it is collected. Personal information can be retained as long as necessary for the fulfilment of the purposes.
The House of Representatives’ draft law requires that personal information must be processed fairly and lawfully. The Senate dropped out the word “fairly”. So, the Senate’s version only requires the data controller to ensure that the processing is lawful. The Senate added the Principle of Accountability, which is non-existence under the House of Representatives’ version. Under this Principle, every data controller is accountable to comply with the proposed Act and also be accountable for the action or inaction of the data processor. Each data controller is required to designate an individual that will be responsible to ensure compliance.
Both versions of the proposed law provide for several rights to the individual. They are the right to be informed whether an individual’s data is being processed, to have access to personal data and to correct. Remarkably, the proposed law gives a right to the data subject to suspend, block, remove or destruct personal information from the data controller’s filing system if the information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or direct marketing. Another interesting point is that the proposed law gives a right to the data subject to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
The proposed Act distinguishes personal information and sensitive personal information. The latter, is defined, in a very broad manner by the House of Representatives to include an individual’s race, ethnic origin, marital status, age, genetic or sexual life and education. The Senate, however, does not regard factors such as age, marital status and education as sensitive information.
The major difference relates to the enforcement body. The House of Representatives desires to use the existing organisation, the Commission on Information and Communications Technology (CICT), to enforce the Act. In contrast, the Senate prefers a new entity called the National Privacy Commission to be established to do the job.
January 27, 2012
THE PROPOSED SINGAPORE DATA PROTECTION ACT
January 25, 2012
PERSONAL DATA PROTECTION ACT 2010: BUSINESS AS USUAL?
January 11, 2012
January 5, 2012
SAUDI HACKERS POST PERSONAL INFO ON ISRAELIS
A group of Saudi hackers dubbed Group-XP claimed to have posted the personal information of nearly half a million Israelis online, though credit card companies said the number of compromised records is actually much lower. The hackers said they broke into one of Israel’s top sports Web sites, One.co.il, and redirected visitors to a site where they could download a file containing the personal information of 400,000 Israelis.
Read the article: http://gigalaw.com/2012/01/03/saudi-hackers-post-personal-info-on-israelis/ (Source: PCMag.com)
December 23, 2011
FACEBOOK CHANGES PRIVACY RULES AFTER IRISH PROBE
Facebook agreed to overhaul privacy protection for more than half a billion users outside North America, after a three-month investigation found that its privacy policies were overly complex and lacked transparency. The probe by the Irish Data Protection Commissioner (DPC) at the U.S. group’s international headquarters in Dublin said users were at risk of unknowingly publicizing personal details.
Read the article: http://gigalaw.com/2011/12/21/facebook-changes-privacy-rules-after-irish-probe/ (Source: Reuters)
CHINESE HACKERS BREAK INTO U.S CHAMBER OF COMMERCE
A group of hackers in China breached the computer defenses of America’s top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter. The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers.
Read the article: http://gigalaw.com/2011/12/21/chinese-hackers-break-into-u-s-chamber-of-commerce/ (Source: The Wall Street Journal)
December 9, 2011
JUDGE SAYS BLOGGER DOESN'T QUALIFY AS JOURNALIST
· Read the article: http://gigalaw.com/2011/12/07/judge-says-blogger-doesnt-qualify-as-journalist/ (Source: CNET News)
December 2, 2011
FACEBOOK SETTLES PRIVACY CHARGES WITH FTC
November 24, 2011
DATA PROTECTION LAW IS COMING TO ASIA
Thirty one years after the adoption of the first international instrument, the data protection law is now coming to Asia. Singapore is expected to have the data protection law in 2012 and currently busy consulting the public. The Philippines Congress very recently wrapped up the debate and tabling of the Bill. Malaysia is the first country in ASEAN to do it in June 2010 and its Personal Data Protection Act is likely to be enforced in 2012. Two months earlier than Malaysia, the Taiwanese Parliament passed a comprehensive regulation called the Personal Information Protection Act. Korea follows suit and enacted a new Data Protection Act in March 2011. Who's next?
November 18, 2011
PORN COMPANY SUES ICANN OVER .XXX DOMAIN
November 16, 2011
GERMANY SUSPECTS FACEBOOK OF ILLEGAL TRACKING
Facebook may be tracking the Internet activity of users even after they cancel their accounts, the German data privacy watchdog said. After an investigation of the way cookies are installed after a user opens and then closes a Facebook account, the Hamburg Data Protection agency said on its Web site that it suspected the company was unlawfully tracking subscribers.
· Read the article: http://gigalaw.com/2011/11/03/germany-suspects-facebook-of-illegal-tracking/ (Source: The New York Times)
November 4, 2011
PRIVACY LAW PROMPTS KIDS TO LIE, REPORT SAYS
A federal law aimed at protecting the privacy of children under 13 has instead resulted in millions of kids lying about their age — often with their parents’ knowledge — in order to join Facebook, social media guru Danah Boyd says in a new report. Facebook officially bans kids under 13 — a move that Boyd attributes to the Children’s Online Privacy Protection Act, which prohibits publishers from collecting personal information from users 12 and under without their parents’ permission.
· Read the article: http://gigalaw.com/2011/11/02/privacy-law-prompts-kids-to-lie-report-says/ (Source: MediaPost)