Standard Post with Image

Uber presents 2017 transparency report

On July 6, 2018 Uber published a report providing a “comprehensive overview of information that was provided to state and local regulators and law enforcement agencies in the U.S. and Canada between January and December 2017”. The report helps to understand the volume of information requests that Uber receives from law enforcement agencies related to criminal investigations involving certain trips riders or drivers. The amount of data produced by Uber has fluctuated from 68 % to 90 % in response to requests from  U.S. law enforcement agencies.

Find the transparency report here
Standard Post with Image

South Wales firm fined for absence of consent for promotional text messages

The practice of sending promotional text messages to 274.423 people without their consent led the UK Information Commissioner’s Office to issue a £60.000 fine against South Wales firm STS Commercial Limited of Bridgend Lsd. The spam text messages promoted payday loans and were sent by the company between November 2016 and January 2017. The Commissioner’s investigation revealed that the control on third-party consent had been insufficient.

A link to the Information Commissioner’s Office news is available here:
Standard Post with Image

Carpenter v. U.S.

Cell phone users have a legitimate expectation of privacy in historical cell tower location data held by the user’s wireless company and a government search of those records is protected by the Fourth Amendment. In Carpenter v. United States, 2018 WL 3073916, *9 (June 22, 2018), the Supreme Court held that the government’s acquisition of Timothy Carpenter’s cell-site location information (CSLI) from his wireless company without a search warrant was a Fourth Amendment search. As such, the government was required to obtain a search warrant supported by probable cause. Carpenter was convicted of a string of robberies based upon seven days of location information obtained by prosecutors from his wireless company. Mr. Carpenter appealed the conviction, arguing that the CSLI collection required a warrant under the Fourth Amendment. A divided Supreme Court, in a 5-4 opinion, agreed.

Find the Frost Brown Todd's legal update on the matter here.
Standard Post with Image

ICANN's data request does not comply with the GDPR, domain name registration, legitimate purposes

The Internet Corporation for Assigned Names and Numbers (ICANN), an organization in charge of managing the internet’s Domain Name System, is in the spotlight because of a recent conflict with the European Data Protection Board. The reason is that ICANN demands registrars to submit information on domain name registrants, including personal data on admin and technical personnel.  EDPB chair Andrea Jelinek has declared that registrants should not be “required to provide personal data on individual employees (or third parties)”. An additional conflict is ICANN’s retention of personal data processed in the context of WHOIS, which are held for a period of two years beyond the duration of the domain name registration. While ICANN has declared that personal data had been processed for the legitimate purposes of consumer protection and investigation of cybercrime, Jelinek insists that the organization should understand the importance of creating a GDPR-compliant system.

Find Jelinek’s letter here
Standard Post with Image

Consent order following Equifax 2017 data breach

In response to the 2017 data breach that exposed the personal information of about 143 million consumers, Equifax has now entered into a consent order with 8 national banking regulators. The order includes previsions such as the obligation to develop a written risk assessment and to create a formal and documented internal audit program to evaluate IT controls. Furthermore, the order requires Equifax to strengthen its board of directors’ control over the company’s information security program and includes the provision that Equifax must submit to  multi-state regulatory agencies that might be competent in these regards a list of all remediation projects implemented, as well as written reports on the actual progress toward complying with the provisions of the order.

The order is available here