Galexia

  About Us - Galexia News

Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016

Related Galexia services and solutions

Long history of journal contributions

Galexia has a long history of making significant contributions to law journals and law publications, with Galexia staff providing both content and editorial oversight. Galexia team members have contributed numerous articles and chapters to law publications, particularly in the area of privacy law and electronic commerce law. Some highlights include

  • Galexia Directors Chris Connolly and Peter van Dijk were the founding editors of the Internet Law Bulletin in 1998 and maintained close ties to the Bulletin until 2009. This was the first law journal of its type and still published by LexisNexis. 
  • Chris Connolly, with assistance from Galexia researchers, is the author of the Electronic Contracts Law chapter in the Thomson Reuters Laws of Australia.
  • Galexia directors Chris Connolly and Peter van Dijk are the authors of a chapter in the new book Enforcing Privacy - Regulatory, Legal and Technical Approaches (published by Springer, April 2016).
  • Chris Connolly wrote two chapters in The United Nations Convention on the Use of Electronic Communications in International Contracts (Kluwer 2008)
  • Chris Connolly joined the Editorial Board of the Data Protection Leader (October 2016)
    The Data Protection Leader (formerly known as the Data Protection Law and Policy Journal) is a global journal and one of the leading monthly publications on privacy, data protection and cyber-security. The monthly law publication covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data.

Related Galexia news and articles about the ‘Data Protection Leader’


[ Galexia Dots ]

Data Protection Leader, Volume 13, Issue 11 (November 2016) - Regulators fight back against privacy fraud

Chris Connolly, Director at Galexia, summarises the key lessons to be learnt from recent enforcement action involving ‘privacy fraud.’

Privacy fraud has traditionally been viewed as a niche issue, but in recent years it has emerged as a mainstream privacy compliance matter, and now attracts significant attention from data protection regulators. It typically occurs where a company claims it belongs to a specific privacy compliance?scheme or that it has been certified?in a privacy trustmark scheme. The?claim is designed to assure consumers that it meets a high level for privacy assurance, or that its practices have been assessed and certified by a?trusted third party. In a growing number of instances, these claims are false.?Data protection experts have been aware of this problem for many years. Consumer protection regulators, trust- mark operators and consumer advocates spend a significant amount of time and resources contacting companies and asking them to remove false claims. Consumer protection regulators (including some data protection regulators) can threaten to use their legal powers in relation to ‘misleading and deceptive’ conduct. Trustmark operators can threaten to use their trademark protection powers to seek the removal of false claims. Consumer advocates?can threaten to refer the company to?the relevant regulator or to the media.
The vast majority of this work takes place ‘behind the scenes’ and it is?only in recent years that formal, public enforcement action has been taken on privacy fraud. Since 2009, there have been 39 public enforcement actions related to privacy fraud, with the bulk of them occurring in the last three years.
...

Read the complete article » - including

  • The Ashley Madison case - Privacy fraud may be so significant that it invalidates consent?
  • False Safe Harbor claims - Privacy fraud may occur where a?false claim is the result of ‘lapsed’ membership of a privacy scheme (various Safe Harbor cases 2009-2015);
  • Trustmark scheme false claims - Privacy fraud may extend to the privacy trustmarks schemes themselves (TRUSTe 2015);
  • APEC CBPRs false claims - Privacy fraud may occur where?a company falsely claims it is a member of a scheme it has never applied to join (some Safe Harbor cases in 2009 and 2015, and the APEC CBPRs cases 2016);

Read Volume 13, Issue 11 (November 2016) »