DNC litigation brought by the DOJ and FTC results in $ 280 million civil penalty against Dish Network

The United States Department of Justice (DOJ) has brought a case on behalf of the Federal Trade Commission (FTC), as well as the states of California, Illinois, North Carolina, and Ohio, for violation of the Do Not Call (DNC) regulations and other consumers and privacy related laws.  As a result, the release reads that “a Federal Court in Illinois has ordered penalties totaling 0 million and strong injunctive relief against Englewood, Colorado-based satellite television provider Dish Network.  The U.S. District Court for the Central District of Illinois found Dish liable for millions of calls that violated the FTC’s Telemarketing Sales Rule (TSR) -- including DNC, entity-specific, and abandoned-call violations -- the Telephone Consumer Protection Act (TCPA), and state law.  The civil penalty award includes 8 million for the federal government, which is a record in a DNC case.  The remainder of the civil penalty was awarded to the states.  […] The court also awarded injunctive relief, and all of the provisions in the permanent injunction are important to protect consumers from future harm”.

The press release issued by the FTC is available here

Italian DPA declares as illicit employees’ personal data retention

In its 2016 Annual Report, the Italian DPA (the Garante per la protezione dei dati personali) has underlined the importance to prohibit the processing of employees’ personal data by companies, especially of the data collected through companies’ e-mail service.  In particular, the Report recalled an important proceeding in which the Italian Authority established the unlawfulness of the systematic retention of electronic communications through corporate email accounts.  Basically, the Garante per la protezione dei dati personali considered such activities in contrast with the principles of necessity, relevance and pertinence.

Find the 2016 Annual Report of the Italian DPA (in Italian language) here

Find here the decision in the cited proceeding (in Italina language)

OAIC publishes a Draft document on “Notifying individuals about an eligible data breach”

The Office of the Australian Information Commissioner (OAIC) has published a Draft that intends to represent a resource explaining when a company must report a breach of an eligible data.  This duty is based on compliance obligations that will start having effect on 22 February 2018. The document lists key points of the system, the main compliance principles to be respected, and provides guidance on the notification process.  The Draft is open for comments and feedback due by July 14, 2017.

The Draft is available here

EU Commission questionnaire for the Privacy Shield annual review

The European Union Commission has issued a questionnaire addressed to trade associations and other groups to collect information related to the Privacy Shield annual review.  In particular, answers to the questionnaire, which are due by July 5th, will be used to inform the annual review of the function, implementation, enforcement and supervision of the Privacy Shield.

China’s Cybersecurity Law is now effective

Cybersecurity Law of the People’s Republic of China took effect on the 1st of June, and is expected to have a significant impact on both domestic and foreign companies operating on the Chinese mainland.  This Law cover a broad variety of topics such as the use of internet, information and communications technologies, the use of personal data, and national security.  The Law is reported to be part of a far-reaching plan taken by the Chinese Government in order to strengthen its global network.

The text of the law (in Chinese) is available here