Privacy Law

WPF Comments to OMB regarding AI and Privacy Impact Assessments

The World Privacy Forum has filed detailed comments to the U.S. Office of Management and Budget (OMB) in response to its Request for Information on Privacy Impact Assessments. Specifically, OMB requested information about how the U.S. Federal government should update or adjust its requirements for Privacy Impact Assessments (PIAs) in regards to changes to data ecosystems brought about by Artificial Intelligence (AI). WPF provided substantive recommendations regarding administrative provisions of the Privacy Act, scalable automated AI governance tools for privacy and trustworthy AI, ensuring nimble processes for privacy and AI assessments, and ensuring balanced, skillful socio-legal-technical decisionmaking.

Another reminder that student privacy matters: Student doxing through FERPA loopholes

Today Inside Higher Ed wrote an excellent article about the relationship of the Family Educational Rights and Privacy Act (FERPA) and the recent doxing of Harvard students. In short, it was easy to dox the students based on information the college published — legally — about them. FERPA was supposed ...

New Zealand’s New Privacy Law 2020 is Now in Force

New Zealand has meaningfully updated its privacy law, The Privacy Act 2020, which took force December 1. The new Privacy Act 2020 is a significant advancement of New Zealand’s privacy law, and encompasses numerous changes, including: Data Breach Reporting Obligations : There are new reporting obligations for data breaches. Companies ...

Expert Commentary: Kenya follows the path of European-style Data Protection

Guest Post by Dr. Isaac Rutenberg, Director and Senior Lecturer, Centre for Intellectual Property and Information Technology Law, Strathmore University, Nairobi, Kenya. On the 8th of November, the President of Kenya signed into law the Data Protection Act 2019. This action completed a process that spanned more than a decade, and allows Kenya to enter a new phase with respect to the evolving centricity and treatment of data in society. This article looks at the content of the Act, highlights important and interesting provisions, and concludes with predictions as to the implementation.

Europe has reached agreement on new Data Protection Regulation

After four years of negotiations, the EU Commission, Parliament, and Council have reached a final agreement on the General Data Protection Regulation (GDPR). The GDPR is an omnibus data protection law which sets arguably the most extensive data protection laws globally, along with strong enforcement authority. The new law contains ...

Privacy News: Obama launches sweeping privacy plan

President Obama announced a sweeping set of proposals around privacy today as he spoke from the venue of the FTC. The World Privacy Forum is pleased with the announcement, but retain some concerns. "We are pleased to see the Consumer Privacy Bill of Rights head into actual legislation at long ...

Privacy News: A decade-plus of compliance reports from the NSA Intelligence Oversight Board

On Christmas Eve, the US National Security Agency (NSA) declassified and released 12 years of reports outlining compliance violations that were submitted to the NSA Intelligence Oversight Committee. The reports, which are required by law, had previously been classified and were the subject of a legal battle between the ACLU and the government. Although heavily redacted, the reports the NSA released of are vital interest to the public because they reveal a pattern of significant privacy violations and in some cases serious abuses in granular detail.

WPF participating in Human Rights review, civil society consultation

The World Privacy Forum will be speaking about medical and health privacy rights in the Universal Periodic Review as part of the Civil Society Consultation for the United States. The UPR is an important cyclical process run under the auspices of the UN Human Rights Council. The last UPR was ...

Privacy Spotlight: FTC Big Data Event

Big Data and its potential for inclusion and exclusion was on center stage this past September as the FTC held a day-long workshop with experts from industry, technology, privacy, civil liberties, and academia. World Privacy Forum's Executive Director Pam Dixon, a panelist at the event, spoke about Big Data and privacy, emphasizing several key points, including the need for statistical parity, fairness, and the need for keeping existing consumer protection regulation.

California consumers get new smartphone remote lock law, plus tips for iPhone users

California Governor Jerry Brown signed a new law today that requires smartphone phone manufacturers to put a “kill switch” (remote lock) in phones, and to turn it on by default. Lawmakers have stated that they see this as an important way to reduce smart phone crimes. For consumers, it’s a way to prevent our personal information from getting into the wrong hands when we misplace, lose, or otherwise are missing our smartphones. Apple users can already use Find My iPhone as a remote lock. See more ...

Consumer experiences of job searching and online reputation

Reputation and privacy -- Pam Dixon spoke at the Southwestern Law School Privacy Conference on the topic of reputational privacy Friday the 22cnd along with Neville Johnson and Paul Tweed. Dixon highlighted three key consumer situations WPF assisted with recently, discussing the employment challenges consumers faced when harmful material was available online during the job search process.

Debating the future of privacy

Arizona School of Law -- Pam Dixon participated as a discussant and contributor to the Arizona School of Law's private workshop on the topic of the future of privacy. Key areas of discussion included the European Union's Right to be Forgotten proposal, consent and health privacy, and Do Not Track.

US Supreme Court delivers opinion about GPS tracking

01/23/2012 GPS tracking | United States v. Jones -- The US Supreme Court unanimously ruled that police must get a warrant before using GPS devices to track criminal suspects. This case was narrow and dealt specifically with a GPS device physically attached to a suspect's vehicle. The concurring opinion of Justice Sotomayor points out that the subtler issues of digital era tracking were not dealt with in this case, for example, cell phone tracking, web site tracking, etc. She wrote: "More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976)." She continued: "This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

Public Comments: September 2010 - Joint comments on the Proposed Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH

In our view, the Department’s proposed changes to HIPAA regarding marketing are contrary to the law. Current law requires that paid communications for any marketing should be allowed only on an opt-in basis. We oppose the Department’s proposed regulation that would allow communications paid for by third parties who are not the entities whose product or service is being described in the communication.

WPF files two sets of key comments on HIPAA privacy rule

Health privacy and HIPAA -- The World Privacy Forum filed two sets of detailed regulatory comments on recently proposed changes to HIPAA. The first comments focused on proposed changes to HIPAA in the area of marketing patient information. The proposed changes would be harmful to patient privacy, and are contrary to the law. WPF was joined in the marketing comments by the Center for Digital Democracy, Consumer Action, Consumer Federation of America, the Electronic Frontier Foundation, Privacy Activism, Privacy Rights Clearinghouse, and Privacy Times. The second set of comments WPF filed included the comments on marketing as well as on additional provisions that would be problematic if enacted.

WPF Resource Page: State Security Freeze Laws and General Information

A credit freeze (sometimes called a security freeze) lets you stop the disclosure of your credit report by a credit bureau. Currently, the three credit bureaus are allowing all consumers nationwide to set a security freeze for a fee. Some states have specific security freeze laws; a list of states with security freeze laws may be found below. However, even if you live in a state without a security freeze law, you can still set a security freeze.

California Health Information Identification data base California CHILI database now online

Resource -- A substantial new resource for individuals seeking to research California laws and regulations regarding health information has come online. The CHILI database is a project of the California Office of Health Information Integrity, and has interfaced with the California Privacy and Security Advisory Board, which the World Privacy Forum co-chairs. The CHILI database can be searched by HIPAA section, California Code section, California health information law keywords, or by statutory scheme.