
Microsoft makes big improvements to comply with the French Data Protection Act

Since the French Commission nationale de l'informatique et des libertés (CNIL) issued a formal notice to Microsoft in July 2016 to comply with the French Data Protection Act, the US company has made great progress.  The report that opened the dispute claimed that, with Windows 10, Microsoft was violating French law through excessive collection of personal data, monitoring of users’ web browsing without their consent, and a lack of security and confidentiality of users’ data.  The company’s response has addressed these problems by halving the volume of collected data, providing clear information to users that an advertising ID is intended to track their web browsing, and strengthening codes and passwords.  CNIL has recognized these efforts by closing the procedure today.

The CNIL press release on the matter is available here

Illinois House and Senate pass the Geolocation Privacy Protection Act

The Geolocation Privacy Protection Act has taken effect in Illinois.  It defines “geolocation information” as data sufficient to determine or infer the precise location of a person, and not just the location of the device, and it also clarifies the meanings of “location-based application” and “private entity”.  Moreover, the Act provides that “a private entity may not collect, use, store, or disclose geolocation information from a location-based application on a person’s device unless the private entity first receives the person’s affirmative express consent after complying with specified notice requirements”.

The Bill is available at the Illinois General Assembly website here

Airway Oxygen Inc. reports being subject to a ransomware attack that affected 500,000 customers’ health data

Airway Oxygen reported that it suffered a ransomware attack that affected the health data of 500,000 patients.  Through this attack, personal information of patients (including full name, home address, birth date, telephone number, diagnosis, type of service, and health insurance policy number), and similar personal information of approximately 1,160 employees, was stolen.  This is the second largest data breach of 2017 among the breaches registered by the Office for Civil Rights (“OCR”).

You can find Airway Oxygen’s report here

The OCR register of data breaches is available here

German Higher Administrative Court rules that the German Telecommunications Act violates the EU Privacy and Electronic Communications Law

The German Higher Administrative Court (Oberverwaltungsgericht) has held that, as a result of the judgment of the European Court of Justice in C-203/15 and C-698/15, the German Telecommunications Act (the Act) violates European law. The Act is due to take effect on July 1, 2017.  In particular, the Court has ruled that the obligation for providers of publicly available telecommunications services to store users’ data for a period ranging from 10 to 4 weeks is not in line with Article 15(1) of the Electronic Communications Directive 2002/58/EC of 12 July 2002.

The decision of the German Higher Administrative Court is available, in German, here

FTC updates its guidance on complying with COPPA

The Federal Trade Commission (FTC) has released new guidance on compliance with the Children’s Online Privacy Protection Act (COPPA), based on a revision of its Six-Step Compliance Plan for Your Business.  The document covers technologies such as internet-connected toys and other Internet of Things (IoT) devices for kids, and also provides new methods for getting parental consent.

The new COPPA compliance guideline is available at the FTC website here