October 19, 2018

October 18, 2018

Subscribe to Latest Legal News and Analysis

October 17, 2018

Subscribe to Latest Legal News and Analysis

October 16, 2018

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert – 27 November


Resolutions of the 94th Conference of Data Protection Authorities

Under the chair of the Data Protection Officer of Niedersachsen, on November 8 and 9, 2017, the Conference of the Independent Data Protection Authorities of the Bund and the Länder held its autumn meeting to discuss current data protection issues.

In a resolution, the Data Protection Authorities took a stand against the unfounded data retention of travel data. The German legislator should correct the retention of passenger name records in the light of the opinion of the European Court of Justice (Opinion 1/15 from 26 July 2017) on the passenger name record agreement between Canada and the EU.

In a further resolution, the Data Protection Authorities called for the implementation of the General Data Protection Regulation also into media law. According to the Data Protection Authorities, both the state broadcasting treaties and press and media legislation need to be amended.

Bavarian Supervisory Authority Examines Encryption of Websites

Considering that cyberattacks have significantly increased in recent years, the Bavarian Supervisory Authority (Authority) has announced that it plans to strengthen its concern in relation to the cybersecurity of Bavarian companies. As a first step, the Authority plans to examine the encryption of websites of Bavarian providers.

According to the Authority, experience shows that many companies do not operate state-of-the-art webservers. They often lacked certificates or a sufficient HTTPS configuration, which results in customer data being transmitted to the target server without proper encryption and thus susceptible to being tapped into.

The Authority plans to offer a new online service that gives companies and citizens the opportunity to notify websites to the Authority for examination. Companies that want their own website to be examined can obtain a written feedback with the results of the test. More details on this procedure can be found in the Authority’s press release.


US Congressional Subcommittees to Hold Hearing on Technology Company Data Privacy

Technology company data protection policies will be discussed at a House Communications and Consumer Protection joint subcommittee hearing on November 29 in Washington DC. The hearing, fulfilling a promise made by House Commerce Chairman Greg Walden, R-Ore., will examine how use of algorithms affects consumer privacy and choice with online content. Witnesses include Jeremy Grant, managing director, Venable; Troy Hunt, information security author, Pluralsight; and Ed Mierzwinski, consumer program director, US Public Interest Research Group. According to the Subcommittee chairs, the “hearing will examine how actions taken by tech companies and online platforms affect consumer privacy and choice” and “members will have the opportunity to hear from research experts and academics about the impacts of online algorithms, advertising, privacy policies, consumer data flows, content regulation practices, and more.”

FCC Chair Formally Proposes to Return Oversight of Broadband Privacy Practices to Federal Trade Commission and Pre-empt Inconsistent State and Local Regulations

On November 22, the Chairman of the Federal Communications Commission released a proposed order that, among other things, would formally return authority to regulate broadband privacy and data security to the Federal Trade Commission. This proposal, which is highly likely to be adopted by the FCC on a partisan vote at its December 14 meeting, reflects the reclassification of retail broadband service as an information service, instead of a telecommunications service. It was imposition of that latter classification by the Democratic-controlled FCC that divested the FTC of privacy oversight over such providers. The proposed order also pre-empts “any state and local measures that would effectively impose rules or requirements that we have repealed or decided to refrain from imposing or that would impose more stringent requirements for any aspect of broadband service that we address in this order.” Such pre-emption could apply to state efforts to impose privacy requirements on broadband providers, which had been proposed in some states, such as California.


ICO Fines Nursing Auxiliary for Unlawfully Accessing Patient Records

On 16 November 2017, the ICO announced that a nursing auxiliary has been fined for accessing a patient’s medical records without a valid legal reason.

The nursing auxiliary had worked at the Royal Gwent Hospital in Newport when she unlawfully accessed the records of the patient, who was known to her, on six occasions between 2015 and 2016. This was done without a valid business backing and without the knowledge of the data controller. The nurse was fined £232 and was ordered to pay £150 costs, as well as a £30 victim surcharge.

ICO Grants Programme Supports Independent Research Into Four Privacy and Data Protection Challenges

In June 2017, the ICO launched innovative new research into children’s online privacy and also medical data sharing and consent. New digital tools protecting pseudonymised data and personal information rights in the financial services sector are also among the first independent research projects to be supported by the ICO Grants Programme.

The programme called for proposals for independent research into new, practical solutions for privacy challenges and issues affecting UK citizens, both now and in the future.

The ICO received 117 applications, which were assessed and filtered by two review panels, comprising both ICO experts and external peers. Further information about the successful bids will be published in the near future on the ICO Grants Programme page. The programme will open for a second round of funding in 2018.

© Copyright 2018 Squire Patton Boggs (US) LLP


About this Author

Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel

Francesca Fellowes is a senior associate our Data Privacy & Cybersecurity team based in our Leeds office. She has a wealth of experience in advising on a wide spectrum of data privacy issues, including managing large-scale projects involving multiple data flows and advising on commercial arrangements involving complex issues of data ownership and use.

She is particularly experienced in managing cross-jurisdictional data privacy compliance projects for multinational clients, which deal with the compliance required throughout the client’s...

Emma Garner, Leeds, UK, Squire Patton Boggs Law FIrm, Intellectual Property, Cybersecurity

Emma is an associate in the Intellectual Property & Technology Practice Group based in Leeds.

Emma has experience in general commercial and intellectual property matters, consumer law matters and data protection matters. She works for clients across a variety of sectors, including manufacturing, technology, healthcare and retail.




+44 113 284 7416
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226
Paul Besozzi, Squire Patton Boggs, telecommunications attorney
Senior Partner

Paul Besozzi concentrates in the wireless, broadband and emerging technology areas. His extensive experience of more than 30 years in the telecommunications field includes regulatory, transactional, legislative and litigation matters for clients ranging from wireless service and infrastructure providers to resellers of long-distance service, including cellular, personal communications services, specialized mobile radio, point-to-point microwave, advanced wireless services and other emerging wireless technologies.

Paul represents clients before the federal and...