Ecommerce
Subscribe to Ecommerce's Posts

Privacy and Data Protection: 2014 Year in Review

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the draft data protection regulation and the “right to be forgotten,” the African Union adopted the Convention on Cybersecurity and Personal Data, and China improved the security of individuals’ information in several key areas. Meanwhile, Latin America’s patchwork of data privacy laws continues to evolve as foreign business increases.

This report furnishes in-house counsel and others responsible for privacy and data protection with an overview of key action points based on these and other 2014 developments, along with advance notice of potential trends in 2015. McDermott will continue to report on future updates, so check back with us regularly.

Read the full report here.




Join Us at BAA’s Marketing Law Conference for a Panel Discussion on Developments in Mobile Marketing

For those Of Digital Interest readers attending the Brand Activation Association’s (BAA) 36th Annual Marketing Law Conference, please join McDermott partner – and Of Digital Interest editor – Julia Jacobson as she moderates a panel titled “New and Unexpected: Developments in Mobile Marketing – Mobile Tracking, Apps and Mobile Payments.” She will be joined by Ira Schlussel of HelloWorld, Inc., Paul Twarog of Google Inc. and co-moderator Terese Arenth. The panel session starts at 3:20 pm on Thursday, November 6.  We hope to see you there.




Processing Personal Data in Russia? Consider These Changes to Russian Law and How They May Impact Your Business

Changes Impacting Businesses that Process Personal Data in Russia

On July 21, 2014, a new law Federal Law № 242-FZ was adopted in Russia (Database Law) introducing amendments to the existing Federal Law “On personal data” and to the existing Federal Law “On information, information technologies and protection of information.”  The new Database Law requires companies to store and process personal data of Russian nationals in databases located in Russia.  At a minimum, the practical effect of this new Database Law is that companies operating in Russia that collect, receive, store or transmit (“process”) personal data of natural persons in Russia will be required to place servers in Russia if they plan to continue doing business in that market.  This would include, for example, retailers, restaurants, cloud service providers, social networks and those companies operating in the transportation, banking and health care spheres.  Importantly, while Database Law is not scheduled to come into force until September 1, 2016, a new bill was just introduced on September 1, 2014 to move up that date to January 1, 2015.  The transition period is designed to give companies time to adjust to the new Database Law and decide whether to build up local infrastructure in Russia, find a partner having such infrastructure in Russia, or cease processing information of Russian nationals.  If the bill filed on September 1 becomes law, however, that transition period will be substantially shortened and businesses operating in Russia will need to act fast to comply by January 1.

Some mass media in Russia have interpreted provisions of the Database Law as banning the processing of Russian nationals’ personal data abroad.  However, this is not written explicitly into the law and until such opinion is confirmed by the competent Russian authorities, this will continue to be an open question.  There is hope that the lawmakers’ intent was to give a much needed boost to the Russian IT and telecom industry, rather than to prohibit the processing of personal data abroad.  If this hope is confirmed, then so long as companies operating in Russia ensure that they process personal data of Russian nationals in databases physically located in Russia, they also should be able to process this information abroad, subject to compliance with cross-border transfer requirements.  

The other novelty of this new Database Law is that it grants the Russian data protection authority (DPA) the power to block access to information resources that are processing information in breach of Russian laws.  Importantly, the Database Law provides that the blocking authority applies irrespective of the location of the offending company or whether they are registered in Russia.  However, the DPA can initiate the procedure to block access only if there is a respective court judgment.  Based on the court judgment the DPA then will be able to require a hosting provider to undertake steps to eliminate the infringements.  For example, the hosting provider must inform the owner of the information resource that it must eliminate the infringement, or the hosting [...]

Continue Reading




Privacy and Data Protection: 2013 Year in Review

Privacy and data protection continue to be an exploding area of focus for regulators in the United States and beyond. This report gives in-house counsel and others responsible for privacy and data protection an overview of some of the major developments in this area in 2013 around the globe, as well as a prediction of what is to come in 2014.

Read the full report here.




Consumer Data Privacy Update for Marketers, Part 2: New Telemarketing/Text Message Marketing Rules Effective October 16, 2013

The Federal Communications Commission (FCC)’s Report and Order 12-21 (Order 12-21), issued in February 2012, describes revised telemarketing rules that became effective during the past 12 months.

The FCC’s telemarketing rules are issued under the Telephone Consumer Protection Act (TCPA) and apply to a telephone call to a residential landline or wireless number or a text message that is initiated for advertising or telemarketing purposes and uses an “automatic telephone dialer system” (ATDS) or an “artificial or prerecorded” voice message.

The three major changes implemented during the past year are:

(i) Abandoned calls rule effective November 16, 2012: Telemarketers must ensure that no more than three percent of calls answered by a person are “abandoned” (i.e., not answered by the telemarketer within two (2) seconds after the called person answers) during a 30-day calling campaign period;

(ii) Opt-out mechanism effective January 14, 2013: Artificial or prerecorded telemarketing messages must include an automated, interactive mechanism that enables the called person to opt out of receiving future prerecorded messages; and

(iii) Prior express written consent rule effective October 16, 2013: “Prior express written consent” (as described below) of the called person is required[i] for:

  • telemarketing calls to a wireless telephone number when an artificial or prerecorded message or ATDS is used;
  • telemarketing text messages sent using an ATDS; or
  • telemarketing calls to a residential landline telephone number using an artificial or prerecorded message.

“Prior express written consent” means a written agreement signed by the called person that clearly authorizes delivery of advertising or telemarketing messages using an ATDS or an artificial or prerecorded voice message and clearly states that agreeing is not a condition of buying any product or service.  A written agreement may be “signed” electronically using any method recognized under the federal Electronic Signatures in Global and National Commerce Act (E-SIGN Act) or applicable state contract law.  The E-SIGN Act recognizes a signature as an “electronic sound, symbol or process” that is “attached or logically associated with” an agreement and “adopted by a person with the intent to sign.”

Although industry standards have required express opt-in consent for recurring text messaging programs prior to implementation of the FCC’s prior express written consent rule, consent obtained under the old regulatory framework is not sufficient under the new FCC consent rule because (among other requirements) the “agreement” to which the consumer consents (i) must include reference to use of automated technology and (ii) “must be obtained without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service.”

Action Step for Marketers: Obtain New Opt-in Consent for Telemarketing and Mobile Marketing

Obtaining new opt-in consent consistent with the requirements of the new FCC consent rule is best practice because the sender bears the burden of proving that it has obtained prior express written consent that meets the FCC standards.  Relatedly, implementation of a record-keeping system through which evidence of compliant consent is retained for at least three years (i.e., the statute [...]

Continue Reading




STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law