March 18, 2018

March 16, 2018

Subscribe to Latest Legal News and Analysis

March 15, 2018

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert – 27 November


Resolutions of the 94th Conference of Data Protection Authorities

Under the chair of the Data Protection Officer of Niedersachsen, on November 8 and 9, 2017, the Conference of the Independent Data Protection Authorities of the Bund and the Länder held its autumn meeting to discuss current data protection issues.

In a resolution, the Data Protection Authorities took a stand against the unfounded data retention of travel data. The German legislator should correct the retention of passenger name records in the light of the opinion of the European Court of Justice (Opinion 1/15 from 26 July 2017) on the passenger name record agreement between Canada and the EU.

In a further resolution, the Data Protection Authorities called for the implementation of the General Data Protection Regulation also into media law. According to the Data Protection Authorities, both the state broadcasting treaties and press and media legislation need to be amended.

Bavarian Supervisory Authority Examines Encryption of Websites

Considering that cyberattacks have significantly increased in recent years, the Bavarian Supervisory Authority (Authority) has announced that it plans to strengthen its concern in relation to the cybersecurity of Bavarian companies. As a first step, the Authority plans to examine the encryption of websites of Bavarian providers.

According to the Authority, experience shows that many companies do not operate state-of-the-art webservers. They often lacked certificates or a sufficient HTTPS configuration, which results in customer data being transmitted to the target server without proper encryption and thus susceptible to being tapped into.

The Authority plans to offer a new online service that gives companies and citizens the opportunity to notify websites to the Authority for examination. Companies that want their own website to be examined can obtain a written feedback with the results of the test. More details on this procedure can be found in the Authority’s press release.


US Congressional Subcommittees to Hold Hearing on Technology Company Data Privacy

Technology company data protection policies will be discussed at a House Communications and Consumer Protection joint subcommittee hearing on November 29 in Washington DC. The hearing, fulfilling a promise made by House Commerce Chairman Greg Walden, R-Ore., will examine how use of algorithms affects consumer privacy and choice with online content. Witnesses include Jeremy Grant, managing director, Venable; Troy Hunt, information security author, Pluralsight; and Ed Mierzwinski, consumer program director, US Public Interest Research Group. According to the Subcommittee chairs, the “hearing will examine how actions taken by tech companies and online platforms affect consumer privacy and choice” and “members will have the opportunity to hear from research experts and academics about the impacts of online algorithms, advertising, privacy policies, consumer data flows, content regulation practices, and more.”

FCC Chair Formally Proposes to Return Oversight of Broadband Privacy Practices to Federal Trade Commission and Pre-empt Inconsistent State and Local Regulations

On November 22, the Chairman of the Federal Communications Commission released a proposed order that, among other things, would formally return authority to regulate broadband privacy and data security to the Federal Trade Commission. This proposal, which is highly likely to be adopted by the FCC on a partisan vote at its December 14 meeting, reflects the reclassification of retail broadband service as an information service, instead of a telecommunications service. It was imposition of that latter classification by the Democratic-controlled FCC that divested the FTC of privacy oversight over such providers. The proposed order also pre-empts “any state and local measures that would effectively impose rules or requirements that we have repealed or decided to refrain from imposing or that would impose more stringent requirements for any aspect of broadband service that we address in this order.” Such pre-emption could apply to state efforts to impose privacy requirements on broadband providers, which had been proposed in some states, such as California.


ICO Fines Nursing Auxiliary for Unlawfully Accessing Patient Records

On 16 November 2017, the ICO announced that a nursing auxiliary has been fined for accessing a patient’s medical records without a valid legal reason.

The nursing auxiliary had worked at the Royal Gwent Hospital in Newport when she unlawfully accessed the records of the patient, who was known to her, on six occasions between 2015 and 2016. This was done without a valid business backing and without the knowledge of the data controller. The nurse was fined £232 and was ordered to pay £150 costs, as well as a £30 victim surcharge.

ICO Grants Programme Supports Independent Research Into Four Privacy and Data Protection Challenges

In June 2017, the ICO launched innovative new research into children’s online privacy and also medical data sharing and consent. New digital tools protecting pseudonymised data and personal information rights in the financial services sector are also among the first independent research projects to be supported by the ICO Grants Programme.

The programme called for proposals for independent research into new, practical solutions for privacy challenges and issues affecting UK citizens, both now and in the future.

The ICO received 117 applications, which were assessed and filtered by two review panels, comprising both ICO experts and external peers. Further information about the successful bids will be published in the near future on the ICO Grants Programme page. The programme will open for a second round of funding in 2018.

© Copyright 2018 Squire Patton Boggs (US) LLP


About this Author

Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel
Senior Associate

Francesca Fellowes’ practice covers both commercial and intellectual property work. She has substantial experience in all aspects of non-contentious commercial work and specialises in both contentious and non-contentious intellectual property work.

She also has a specialist knowledge of data protection law and in particular, advising on the compliance aspects of and project-managing multijurisdictional projects for global clients.

Francesca trained at a media and entertainment law firm in London and has been at Squire...

Emma Garner, Leeds, UK, Squire Patton Boggs Law FIrm, Intellectual Property, Cybersecurity

Emma is an associate in the Intellectual Property & Technology Practice Group based in Leeds.

Emma has experience in general commercial and intellectual property matters, consumer law matters and data protection matters. She works for clients across a variety of sectors, including manufacturing, technology, healthcare and retail.




+44 113 284 7416
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law FIrm

Dr. Annette Demmel is located in our Berlin office and a certified information technology lawyer (Fachanwältin für Informationstechnologierecht) as well as a certified copyright and media lawyer (Fachanwältin für Urheber- und Medienrecht)

For more than 15 years Annette has advised national and international businesses in e-commerce and IT and telecommunications law, privacy and data protection, copyright and competition law. She has been involved in the development of web-based marketing and distribution business models including commercial...

+49 30 72616 8226
Paul Besozzi, Squire Patton Boggs, telecommunications attorney, wireless technology legal counsel, broadband internet lawyer

Paul Besozzi primarily represents clients in the competitive telecommunications arena, including wireless, broadband and emerging technology areas.

His extensive experience of some 30 years in these fields includes regulatory, transactional, legislative and litigation matters for clients ranging from wireless service providers to resellers of long-distance service, including cellular, personal communications services, specialized mobile radio, point-to-point microwave, advanced wireless services, mobile virtual network operators and other...