Chris Wolf to speak on Privacy Data Protection: Transatlantic Developments

Microsoft hosts a discussion panel on the future direction of U.S. privacy policy, the overhaul of the European Data Protection Directive and the transatlantic relationship.

A PANEL DISCUSSION WITH:

Justin Brookman (moderator)

Director, Center for Democracy and Technology, Project on Consumer Privacy

Stacy Feuer

Assistant Director for International Consumer Protection, Federal Trade Commission

Mike Hintze

Assistant General Counsel, Microsoft

Kurt Wimmer

Chair, Global Privacy and Data Security practice, Covington & Burling LLP

Christopher Wolf

Co-Chair, Future of Privacy Forum

 

Friday, December 7, 2012

8:30a.m. – 10:00a.m.

Breakfast will be provided

The event will be located at:

The Microsoft Innovation & Policy Center

901 K Street, 11th Floor, Washington, DC 20001

RSVP directly to [email protected]

 

Nov. 28, 2012 – FPF Senior Fellow Peter Swire to Take on Do Not Track

Best of luck to FPF Senior Fellow and the Ohio State University Moritz College of Law Professor Peter Swire, as he takes on the effort to forge a practical solution for Do Not Track.
Peter’s experience and his evenhanded approach to forging privacy solutions makes him uniquely qualified to take on this challenge.
Jules Polonetsky and Christopher Wolf
Co-Chairmen, Future of Privacy Forum

FPF Senior Fellow Peter Swire Quoted in NYT Front Page Story on ECPA

FPF Senior Fellow and the Ohio State University Moritz College of Law Professor Peter Swire was quoted today in a New York Times front page story highlighting challenges to applying the 1986 Electronic Communications Privacy Act (ECPA) to mobile technologies.

Here is a passage:

As technology races ahead of the law, courts and lawmakers are still trying to figure out how to think about the often intimate data that cellphones contain, said Peter P. Swire, a law professor at Ohio State University. Neither the 1986 statute nor the Constitution, he said, could have anticipated how much information cellphones may contain, including detailed records of people’s travels and diagrams of their friends.

“It didn’t take into account what the modern cellphone has — your location, the content of communications that are easily readable, including Facebook posts, chats, texts and all that stuff,” Mr. Swire said.

The article cites a series of divergent rulings regarding the admissibility of information obtained from cellular devices, highlighting the lack of a clear legal standard on cellular information and privacy.

The NY Times article was published ahead of Thursday’s Senate Judiciary Committee vote on a proposed amendment to ECPA.

Personal reflection and report: together at the 34th annual meeting of data protection authorities and privacy commissioners

FPF Founder and Co-chair Christopher Wolf has captured some of the remaining differences in international approaches to privacy in his reflections on last month’s 34th annual meeting of data protection authorities and privacy commissioners in Punta del Este, Uruguay.

The article  is featured in the International Association of Privacy Professionals’ (IAPP) current issue of  “the Privacy Advisor.”

FPF to co-host App Developers Privacy Summit series in D.C. on Nov. 29th

We’re hosting an event with the Application Developers Alliance in D.C. on Thursday, November 29th and we would love to see you there! It’s free to register, but space is limited.  Here are the details – please feel free to share this information with anyone who might be interested:

Free Happy Hour + Application Developer Privacy Conversation – Thursday, November 29 at Living Social

WHAT:  Happy Hour and Open Discussion – How are privacy policies going to impact developers’ work? What can you do influence the debate? No charge, but you must register to reserve a spot – REGISTER NOW

WHO: Leading the discussion — Tim Sparapani, Sr. Advisor for Policy and Law, Application Developers Alliance; Colin O’Malley, Chief Strategy Officer, Evidon; Jeff Brueggeman, Vice President-Public Policy and Deputy Chief Privacy Officer, AT&T; Michael Mayernick, Co-Founder, Spinnakr;  Jules Polonetsky, Co-chair and Director, Future of Privacy Forum; FTC representative (tbc)

WHEN:  Thursday, November 29 – 6:30-9:30pm

WHERE:  Living Social, Dupont Room — 918 F Street, NW  Washington, DC 20004

WHY:  Developers are in the crosshairs of a nationwide explosion of lawmaking. Legislators and regulators are making decisions about software privacy that will make your work more difficult, and this is your opportunity to make your voice heard. Anyone who writes software — no matter the language or platform — must understand the issues and take the lead in the discussion to ensure privacy protections are effective but do not impede growth in the business of creating software.

That’s why we’ve brought the privacy conversation to developers in cities across the U.S. The series includes conversations guided by discussion leaders to help developers better understand the changing privacy landscape and give them a voice in the dialogue. This isn’t a heavy event, it’s a conversation led by and for developers which is why we’re also providing a fully stocked happy hour. Because we know even the biggest challenges can be solved over a few beers (just not too many). REGISTER NOW.

HOSTED BY: SpinnakrFortifyHin.geFuture of Privacy ForumMoDev, and Living Social. Nationwide App Developers Privacy Summitseries sponsored by AT&TTRUSTe and Evidon.

Nov. 13, 2012 Epic.org Privacy Chat via Twitter #PrivChat

This weeks event features FPF Senior Fellow, Peter Swire. Peter is Faculty Advisor for 2012-2013 Symposium “The Second Wave of Global Privacy Protection” to be held on November 16, 2012.

Topics to be discussed can be submitted in advance of the chat, either on Twitter using the #PrivChat OR via the Privacy Camp Blog.

For more information and how to join the conversation click here.

New Smart Grid Research Shows Last Generation Technologies Pose Privacy Risks

Researchers at the University of South Carolina have published research showing that some types of electrical meters are broadcasting unencrypted information that could enable eavesdropping on energy usage data. New meters based on AMI (advanced metering infrastructure) should avoid this problem because they use encryption as recommended by the National Institute of Standards and Technology’s Smart Grid Interoperability Panel.

For more information: Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems

 

Proposed Framework for a Policy Protecting Customer Information Privacy in Michigan

The Michigan Public Service Commission (MPSC) recently requested information and comments related to its proposed framework for a policy protecting customer information privacy. The Commission’s current rules, 1999 AC, R 460.101 et seq., Consumer Standards and Billing Practices for Residential Customers provide some limited protection of customer privacy with respect to billing information. The new framework under consideration is a set of best practices intended to address customer data privacy related to advanced metering infrastructure.

While many of the suggested protection will be welcome, it is worth flagging at least one aspect of the framework, which will make it extremely inconvenient for consumers who want to easily activate new devices that responsibly take advantage of smart grid data. The framework requires that “customer usage data, personally identifiable information, and certain other customer information are only disclosed to third parties with the customer’s written consent.” Companies with responsible privacy practices in place should be able to use electronic means to make consent simple for consumers.

For additional information, see the announcement:

http://www.michigan.gov/lara/0,4601,7-154-10573_11472-289300–,00.html

Nov. 2, 2012 With Chairman’s Likely Exit, Guessing Game Has Begun at the Federal Trade Commission

Regardless of who wins in Tuesday’s voting, Federal Trade Commission Chairman Jon Leibowitz is widely expected to leave his post after the election, sparking speculation over who could be in line to head the agency charged with protecting consumers and ensuring competition.

“Chairman of the FTC, if you’re a privacy person or a consumer-protection person, it’s a once-in-a-lifetime opportunity,” said Jules Polonetsky, Director and Co-Chairman of the Future of Privacy Forum.

UK Parliament Rejects Commission’s Data Protection Proposal Despite Promise for More Flexibility

The European Commission’s Data Protection Reform Proposal came under fire in a just-issued report by the UK House of Commons Justice Committee that called the proposed Regulation “overly prescriptive” and lacking “flexibility or discretion” for data controllers and regulators. While The UK Justice Committee report concludes that a Regulation is necessary in order to update the 1995 Directive, and to account for the rapidly changing technological environment and address individuals’ rights, it does not believe that the current proposal is “proportionate, practicable, affordable or am effective system of data protection in the EU.”

EU Justice Commissioner Viviane Reding recently responded to similar criticism from Member States by outlining three key areas where flexibility could be added to the Commission’s existing draft data protection reform. Commissioner Reding’s announcement came during the Justice Council Meeting on October 26, 2012 in Luxemburg, several days before the EU Justice Committee released its report.

First, the Commissioner highlighted the reform’s intention to further reduce administrative burdens on companies and asserted the potential to broaden SME exemptions by taking an approach that accounts for the amount and sensitivity of the data processed.

Second, the Commissioner conceded that the delegated and implementing acts foreseen by the Regulation should be reviewed “one by one” and limited to cases in which they are “truly necessary.” However, Citing that Delegated and implementing acts are necessary in certain circumstances, Commissioner Reding  proposed three specific review criteria that should determine each case. The Commissioner believes these criteria could lead to a reduction of Commission empowerment by 40%: (1) “need to avoid fragmentation”, (2) “the need to supplement rather than amend the regulation”, and (3) “maintaining the technologically neutral character of law.”

Third, the Commissioner acknowledged that specific rules for public sector data processing are necessary in some cases; and that the Commission is willing to introduce more legislative flexibility on this point. However, Commissioner Reding believes that this necessary flexibility can and should be achieved through regulation and asserts that the Commission’s draft “already foresees 20 cases in which specific rules are adapted to the public sector.”

It is unclear how the UK Justice Committee’s report, which largely calls for the Draft Data Protection Reform to be re-written, will affect current discussions in the EU Parliament and Council.

-Julian Flamant