Archive: July 2018

1
Eureka! California Just Adopted a Strong Consumer Privacy Law
2
Facebook fined £500,000 over Cambridge Analytica scandal
3
OAIC’s controversial decision broadens scope for the disclosure of personal information

Eureka! California Just Adopted a Strong Consumer Privacy Law

By Susan P Altman

While the rest of us were still recovering from the May 25 effective date of the EU’s General Data Protection Regulation (GDPR), California, the most populous and largest economy of any of the United States, confidently adopted a broad consumer privacy law. The California Consumer Privacy Act of 2018 (CCPA) was enacted June 28 and becomes operative on January 1, 2020. Unlike existing industry-specific U.S. privacy laws, the CCPA has a broad overall scope, more like the GDPR. It ensures California residents the right to know what information about them is being collected and sold or disclosed, to reject the sale of their personal information, to access the information, and to receive equal service and price, even if they exercise their privacy rights.

Unlike the GDPR, the CCPA does not extend to extra-territorial coverage. The CCPA applies only to for-profit businesses doing business in California and sets certain thresholds for business activity and size, thereby protecting most of the Silicon Valley start-up community from the cost of compliance. The CCPA protects the rights of “consumers,” who are natural persons residing in California, and generally does not apply to California residents while they are outside of California.

A business that is required to comply with CCPA will need to update its website, and include a conspicuous link on the homepage to a page titled, “Do Not Sell My Personal Information.” In addition, the website must describe the consumer’s privacy rights and annually update its privacy policy to reflect current practices. Consumers will be able to opt-out of collection practices; although children (or their parents) must opt-in. Consumers must be able to contact businesses regarding their collected information. Amendments and corrections to the CCPA are expected.

 

Facebook fined £500,000 over Cambridge Analytica scandal

By Cameron Abbott and Sarah Goegan

The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.

The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.

Read More

OAIC’s controversial decision broadens scope for the disclosure of personal information

By Warwick Andersen, Rob Pulham and Georgia Mills

In 2017 Andie Fox, a recipient of Centrelink benefits, wrote a highly critical opinion piece on Centrelink’s debt recovery system, alleging that she was being pursued for a non-existent debt.  In response Centrelink provided Ms Fox’s personal information, previous communications and claims history to a journalist who published an article claiming that Centrelink had been ‘unfairly castigated’ by Fox.  The OAIC commenced an investigation into the release and has controversially confirmed Centrelink’s disclosure as permitted under the Privacy Act.

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.