A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
1973 HEW Report
Records, Computers and the Rights of Citizens: report
of the Secretary’s Advisory Committee on Automated
Personal Data Systems – U.S. Department of Health
Education & Welfare
Safeguards for personal privacy
based on our concept of
mutuality in record-keeping
would require adherence by
record-keeping organizations to
certain fundamental principles
of fair information practice.
1980’s
OECD Guidelines
OECD 7 Principles
• Notice—data subjects should be given notice when
their data is being collected;
• Purpose—data should only be used for the purpose
stated and not for any other purposes;
• Consent—data should not be disclosed without the
data subject’s consent;
• Security—collected data should be kept secure from
any potential abuses;
• Disclosure—data subjects should be informed as to
who is collecting their data;
• Access—data subjects should be allowed to access
their data and make corrections to any inaccurate
data;
• Accountability—data subjects should have a method
available to them to hold data collectors accountable
for not following the above principles.
1990’s
Industry Measures
• Privacy safeguards were enacted in the
health care and financial sectors through
passage of the Health Insurance Portability
and Accountability Act (HIPAA) in 1996 and
Gramm-Leach-Bliley Act in 1999.
• In Europe, the European Union adopted its
Data Protection Directive in 1995.
• US-EU Safe Harbor Framework approved in
2000 to permit cross-continental data
sharing.
2000
FTC Calls for Regulation
• After a series of studies and reports to Congress, the Clinton FTC proposes
that websites adhere to four privacy principles:
• Notice: Web sites would be required to provide consumers clear and
conspicuous notice of their information practices, including what
information they collect, how they collect it (e.g., directly or through
non-obvious means such as cookies), how they use it, how they
provide Choice, Access, and Security to consumers, whether they
disclose the information collected to other entities, and whether
other entities are collecting information through the site.
• Choice: Web sites would be required to offer consumers choices as to
how their personal identifying information is used beyond the use for
which the information was provided (e.g., to consummate a
transaction). Such choice would encompass both internal secondary
uses (such as marketing back to consumers) and external secondary
uses (such as disclosing data to other entities).
• Access: Web sites would be required to offer consumers reasonable
access to the information a Web site has collected about them,
including a reasonable opportunity to review information and to
correct inaccuracies or delete information.
• Security: Web sites would be required to take reasonable steps to
protect the security of the information they collect from consumers.
BUSH ERA
Privacy Legislation on Hold
• Bush FTC drops call for privacy
legislation
• 2002 – California enacts first data
breach notification law
• 2003 – California Online Privacy
Protection Act requires websites
to post privacy policy if they
collect personally identifiable
information
OBAMA ERA - 1
FTC Revisits Privacy Regulation
• Obama FTC launches a series of privacy roundtables that
lead to several key recommendations.
• PRIVACY BY DESIGN: Companies should promote
consumer privacy throughout their organizations and at
every stage of the development of their products and
services. Companies should incorporate substantive
privacy protections into their practices, such as data
security, reasonable collection limits, sound retention
practices, and data accuracy.
• SIMPLIFIED CHOICE: Companies should simplify
consumer choice. Companies do not need to provide
choice before collecting and using consumers’ data for
commonly accepted practices, such as product
fulfillment. For practices requiring choice, companies
should offer the choice at a time and in a context in
which the consumer is making a decision about his or
her data.
• GREATER TRANSPARENCY: Companies should increase
the transparency of their data practices. Privacy notices
should be clearer, shorter, and more standardized, to
enable better comprehension and comparison of
privacy practices.
OBAMA ERA - 2
Privacy Bill of Rights
• Principal Element – Concise and Easily Understandable Disclosures
• (a) In General. Each covered entity shall provide individuals in concise and
easily understandable language, accurate, clear, timely, and conspicuous
notice about the covered entity’s privacy and security practices. Such
notice shall be reasonable in light of context. Covered entities shall provide
convenient and reasonable access to such notice, and any updates or
modifications to such notice, to individuals about whom it processes
personal data.
• (b) Contents of Notice. The notice required by subsection (a) shall include
but is not limited to (1) the data collected; (2) the purpose it is collected
for; (3) the persons to whom it is disclosed; (4) how long the data is
retained; (5) how a consumer may access his data and revoke consent; (6)
where to send complaints; and (7) data security measures.
• Additional Elements:
• Consumer Control
Covered entities would be required to allow consumers to exercise control
over what data is collected about them and how it is used;
• Respect for Context
Covered entities collect and use data in ways that are consistent with the
context in which consumers provide such data. Would require internal
reviews of privacy and security practices for data collected outside of such
contexts.
• Security
Covered entities would be required to identify reasonable risks and
implement safeguards designed to protect against breach, theft, loss, etc.
of personal data.
• Access and Accuracy
Covered entities would be required to grant individuals access to, or an
accurate representation of, data collected about them upon request. The
consumer would have the right to correct or amend the data.
OBAMA ERA - 3
EU Developments
• 2014 – Edward Snowden
revelations re NSA data collection.
• 2015 – EU Court of Justice
invalidates Safe Harbor program
• 2016 – US-EU Agree to Privacy
Shield
• 2016 – EU approves General Data
Protection Regulation – effective
2018
TRUMP ERA
Privacy Happens
• May 2018 – EU GDPR goes into
effect
• June 2018 – California passes
Consumer Privacy Act.
• Industry seeks Federal solution to
preempt California law.
