International E-news - May 2011

  1. Obama administration proposes US federal data breach law
  2. EU consults on cloud computing
  3. Disney subsidiary to pay $3 million COPPA fine in the USA
  4. Canadian bill fails, Commissioner calls for substantial fines

1. Obama administration proposes US federal data breach law

In an attempt to simplify the patchwork of the existing 47 US state laws on data breach, the White House issued its Cyber-security Legislative Proposal on 12 May.

The proposal also includes elements to protect the administration from cyber threats, and would require the Department of Homeland Security (DHS) to implement its cyber-security program in accordance with privacy and civil liberties procedures.

The next issue of PL&B’s International Report will include an article about developments on EU data breach notification.  


2. EU consults on cloud computing

The European Commission’s public consultation, which runs until 31 August, seeks to gather stakeholders’ views on several issues, including data protection and liability questions, in particular in cross-border situations.

The Commission asks whether the cloud services that are currently on offer are clear in terms of users’ and providers’ rights and responsibilities. Importantly, it asks whether there are updates to the current EU DP Directive that could further facilitate cloud computing whilst preserving the current level of data protection. Also, the Commission wants to know whether individual Member States have DP rules or other legislation that prevent companies from using cloud services.

The responses will provide valuable feedback for the Commission's work on a European Cloud Computing Strategy, as well as the revision of the DP Directive.

PL&B’s 24th Annual International Conference, 11-13 July in Cambridge, includes presentations on ‘Managing privacy and security in cloud computing arrangements’, with speakers from cloud computing providers Google and Dell, and comments from the United Kingdom Information Commissioner’s new Technology Policy Adviser, Simon Rice.

3. Disney subsidiary to pay $3 million COPPA fine in the USA

The largest ever Children’s Online Privacy Protection Act (COPPA) related civil penalty has been imposed by the US Federal Trade Commission on operators of Online "Virtual Worlds" for illegally collecting and disclosing children's personal data.

Information was collected from hundreds of thousands of children under age 13 without their parents’ prior consent. COPPA also requires that website operators post a privacy policy that is clear, understandable, and complete. The FTC alleged that the operators, Playdom and company executive Howard Marks, failed to meet these requirements. The FTC alleges that they collected children’s ages and email addresses during registration and then enabled children to publicly post their full names, email addresses, instant messenger IDs, and location, among other information, on personal profile pages and in online community forums.

Playdom has been a subsidiary of Disney Enterprises, Inc. since August 2010. Disney issued the following statement: “This matter involved an FTC investigation of the practices of Acclaim Games, Inc., which was acquired by Playdom prior to Disney’s acquisition of Playdom. Disney is pleased that Playdom has now resolved this matter amicably with the FTC.”

It has been proposed that US plans for the Do-Not-Track scheme would be extended to children.

4. Canadian bill fails, Commissioner calls for substantial fines

Following the dissolution of Parliament, Bill C-29, which would have amended Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), has failed to become law. The Bill would have introduced a mandatory breach notification requirement. Privacy Commissioner Jennifer Stoddart has since called for substantial fines against major corporations that fail to adequately protect personal information.

Stoddart said on 4 May: “Too many companies are collecting more personal information than they are able to effectively protect…. It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.”

Stoddart said that the new session of Parliament creates the opportunity to strengthen the legislation to give the Privacy Commissioner the power to impose substantial fines in appropriate cases.

Privacy Laws & Business 24th Annual International Conference, 11-13 July in Cambridge, UK, includes a session on how privacy impact assessment works in Canada.  


Copyright Privacy Laws & Business 2011