The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address GDPR’s requirement that companies take “appropriate” technical and organizational steps to protect personal information and individuals. According to the guidelines, part of the law’s requirements is that companies be able to show that the measures they took are effective.

The preliminary Staff Report issued by the FTC earlier this month is the most aggressive effort by the FTC to date on the issue of online and mobile privacy generally. The preliminary Staff Report proposes a “do not track” mechanism along with an overall online privacy framework that would rigidly regulate how information is collected both online and through mobile devices, how it can be used, and how it must be stored. Deviating from the distinction between “personally-identifiable information” and “non-personally-identifiable information” that has formed the foundation for other privacy regulations and legislation, the framework proposed in the preliminary Staff Report maintains that this dichotomy is no longer relevant. Because this is arguably a profound change in the existing state of regulation in this area, the preliminary Staff Report is being circulated for comment before it becomes final. This article provides a basic outline of the proposed framework for those who may not already be familiar with the preliminary Staff Report.