by Daniel J. Solove
Is the right to be forgotten good or bad?
This is the question many are asking these days in light of the recent EU Court of Justice (ECJ) decision that requires search engines such as Google to remove personal data from search results when people request it. (For more background, I wrote about the ECJ decision last week.)
After the decision was released, critics attacked the right to be forgotten as impractical, undesirable, and antithetical to free speech.
by Daniel J. Solove
In a momentous decision, the EU Court of Justice has ruled in favor of a Spanish man who sought to have links to his personal data removed from Google search results. Under what has become known as the “right to be forgotten,” EU citizens have a right to the deletion of certain personal data under the EU Data Protection Directive.
The EU Court of Justice has concluded that “the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.”
by Daniel J. Solove
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here are some lessons from this latest case:
by Daniel J. Solove
Co-authored by Woodrow Hartzog
The Federal Trade Commission (FTC) recently entered into a consent order with the media service Snapchat for not living up to its promises about how it maintains the privacy and security of user’s data. The FTC order prohibits Snapchat from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information” and requires the company “to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.”
by Daniel J. Solove
Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.
by Daniel J. Solove
For any organization who doesn’t take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?
by Daniel J. Solove
Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in large part through a contract between the organization and the cloud service provider.
In many cases, these contracts fail to contain key protections of data. For example, a study conducted by Fordham School of Law’s Center on Law and Information Policy revealed that contracts between K-12 school districts and cloud service providers lacked essential terms for the protection of student data. I blogged about this study previously here.
by Daniel J. Solove
I recently had the opportunity to interview Christopher Kuner, Senior Of Counsel with Wilson Sonsini Goodrich & Rosati in Brussels. He is also an Honorary Professor at the University of Copenhagen, a visiting fellow at the London School of Economics, and teaches at the University of Cambridge. He is editor-in-chief of the law journal International Data Privacy Law, and has been active in international organizations such as the Council of Europe, the OECD, and UNCITRAL. His book entitled “Transborder Data Flows and Data Privacy Law” was published in 2013 by Oxford University Press. More information is available at his personal web site.
by Daniel J. Solove
This post was co-authored by Professor Woodrow Hartzog.
The long-awaited federal district court opinion in FTC v. Wyndham was finally released last week. The U.S. District Court for the District of New Jersey rejected Wyndham’s arguments that the FTC lacks the authority to regulate unfair data security practices, that the FTC is required to issues rules before bringing an unfair data security complaint, and that the FTC failed to provide fair notice of what constitutes an unfair data security practice.
I blogged about the case here last week.
by Daniel J. Solove
It sounds like a late April Fool’s joke, but it isn’t. Heartbleed, a data security bug in Open SSL, allows hackers to access personal data and encryption keys. This vulnerability has existed for 2+ years, and there is no way to know if your data has been compromised. And the majority of websites that encrypt use OpenSSL, such as the most popular banking and retail sites. This is a security flaw of titanic proportions. According to CNN: “Researchers discovered the issue last week and published their findings on Monday, but said the problem has been present for more than two years, since March 2012. Any communications that took place over SSL in the past two years could have been subject to malicious eavesdropping.”
Free newsletter with cartoons, writings, events, webinars, training, humor and whiteboards.
