5 2 February 2008

News:

The Federal Trade Commission (FTC) has fined Industrious Kid, the operator of Imbee.com, a social networking site aimed at children aged 8-14, after finding that its data collection practices violated the Children's Online Privacy Protection Act (COPPA), a federal law applying to under 13s.

Employees of US-listed companies who blow the whistle on fraud can be protected under US laws, even if they are based overseas, a US Federal Court has ruled.

Privacy issues, protection from predators and marketing are key issues that will be addressed at a Special Briefing: Children & The Web, an E-Commerce Law & Policy briefing hosted at the London offices of Bird & Bird, on 14 March.

Features:

Breakfast time conversation at a data protection lawyer's household:

The Article 29 Working Party recently responded to a European Commission proposal for a Framework Decision on the use of Passenger Name Records (PNR) data for law enforcement purposes. Although the Working Party found that some of their privacy concerns expressed in an earlier consultation had been taken on board, many still remained. Peter Schaar, chairman of the Article 29 Working Party, sets out the concerns.

After 19 December 2007, there was a general misconception in Macedonia that the Law on Personal Data Protection (LPDP) entered into force. What happened on 19 December was that the transitional period (which lasted for two years) expired. The transitional period was intended to give the controllers of personal data collection enough time to adjust their personal data processing operations to the LPDP. But that did not mean that the LPDP had just entered into force. It actually entered into force a little less than three years ago, and the Directorate for Personal Data Protection (DPDP) was active the whole time carrying out inspections, responding to complaints by citizens, holding seminars for the controllers and doing its best to raise public awareness.

In the last issue of Data Protection Law & Policy, Stewart Room, a partner at Field Fisher Waterhouse LLP, outlined a chronology of UK data security issues that occurred during 2007 and what we have learned from them. In the second part of a series of articles, he outlines the different approaches to data security management and security risks, warning that unless care is taken, knee-jerk reactions to 2007's data breaches could prove incompatible with a holistic approach to data security management.

As organisations are increasingly outsourcing business functions to third parties, compliance with the Data Protection Act is becoming more complex. In the final part of Addleshaw Goddard LLP's three-part practical guide on the role of the data processor through the life cycle of the contractual relationship with the controller, Mark Gleeson and Cate Haywood examine the role and requirements of data processors, considering what happens when a processing contract is terminated.

The European Economic Social Committee (EESC), a consultative body which issues opinions to the larger EU institutions, has published an opinion on RFID technologies. The opinion recognises the potential of RFID technology to improve business processes in the EU, but stresses the vital importance of having the technology carefully controlled. Simon Griffiths of Reynolds Porter Chamberlain LLP sets out the findings.

A legal opinion issued by the public prosecutor of the Greek Supreme Court, which authorised the Ministry of Justice to pass an amendment facilitating the use of CCTV recordings in public order prosecutions, has prompted the head of the Hellenic Data Protection Authority and five of its members to resign. In this article, Popi Papantoniou and Elina Makri of Bahas, Gramatidis and Partners in Athens examine the incident, the amendment and its implications.