Skip to main content
You are here: News

News

The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.

Array

FTC Approves Teva Petition to Reopen and Modify Decision and Order in Case Involving Watson Pharmaceuticals Inc.’s Acquisition of Actavis Inc.

The Federal Trade Commission has approved an application by Teva to reopen and modify its decision and order in connection with the 2012 merger of Watson Pharmaceuticals, Inc. and Actavis Inc.

The Commission had alleged that the merger might lessen future competition for a number of generic drugs, including the generic version of the abuse-resistant opioid painkiller sold under the brand name Embeda. The 2012 decision and order required Watson and Actavis to supply Embeda to Pfizer Inc. for a period not to exceed four years after Pfizer’s relaunch of Embeda, which occurred in January 2015. The decision and order also required Watson and Actavis to assist in the transfer of technology for manufacturing Embeda to Pfizer or a third party. In 2016, Teva acquired Actavis’s rights and obligations under the Embeda supply agreement.

Teva seeks to extend, at Pfizer’s request, the Embeda supply agreement for an additional period because Pfizer has not yet completed the technology transfer for Embeda manufacturing to a third party. Without Teva’s supply of Embeda, Pfizer will be unable to supply patients with Embeda after December 2018.

The Commission vote to approve the application was 4-0-1, with Commissioner Christine S. Wilson recused. (FTC File No. 1210132; the staff contact is Elizabeth Piotrowski, Bureau of Competition, 202-326-2623.)

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
18 Dec 2018, 11:00pm AEDT

FTC Obtains Court Order Barring U.S. and Canadian Scammers from Marketing, Selling Internet-related Services and Misrepresenting Their Relationship with Consumers

Defendants ordered to pay more than $4.6 million

At the Federal Trade Commission’s request, a U.S. district court in Illinois has handed down a final judgment and order requiring nine related Canadian and U.S. defendants to pay more than $4.6 million for tricking small businesses into paying for Internet directory listings, search engine optimization services, or website design and hosting services they never ordered.

The FTC announced the case against the Premium Business Pages defendants in June 2018, as part of the multi-agency “Operation Main Street” law enforcement initiative directed to scams targeting small businesses.

The default judgment and order, issued by the U.S. District Court for the Northern District of Illinois, Eastern Division, also permanently bans the two individual and seven corporate defendants from advertising, marketing,  or selling any Internet directory listings, search engine optimization services, or website design and hosting services.

The order further prohibits the defendants from misrepresenting, among other things, that they have a preexisting relationship with consumers, that they have ordered their services, or that they owe money to the defendants.

Finally, the order bars the defendants from seeking to collect money on any outstanding accounts that are still open, or transferring any of these account to anyone else for collection, and imposes record-keeping and reporting provisions to ensure their compliance with its terms.

Case History

The FTC’s complaint charged the defendants with making unsolicited calls to small businesses since 2013 to induce them to pay for unordered Internet directory listings, search engine optimization services, or website design and hosting services. The defendants allegedly targeted businesses using several names, including Premium Business Pages, Ameteck Group, The Local Business Pages, and Data Net Technologies.

When first contacting businesses, the defendants claimed to be calling to collect on a past-due invoice for one of their services. In reality, the small businesses contacted never ordered or agreed to buy anything from the defendants and were never sent a bill. In many cases, the defendants’ telemarketers threatened that the business’s accounts would be turned over to “collections” or would be “red flagged.”

In some cases, even after a business paid money it did not owe, the defendants called back weeks later, sometimes claiming to be a different company demanding payment for other “outstanding invoices,” or claiming that the first payment was only the first installment.

Shortly after the FTC filed the complaint, the judge granted the agency’s request for a temporary restraining order against the defendants, halting their allegedly illegal conduct pending trial. A complete list of the individual and corporate defendants in this case can be found in the recently entered court order.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
18 Dec 2018, 11:00pm AEDT

Berlin Group comes to Queenstown

Privacy and data protection commissioners from around the globe gathered in Queenstown on 29-30 November for the 64th meeting of the International Working Group on Data Protection in Telecommunications (IWGDPT).

In all, 38 delegates from 18 jurisdictions participated in the IWGDPT meeting. New Zealand was represented by the Government Chief Privacy Officer, Russell Cooke, and three from our office, including Privacy Commissioner John Edwards.

The IWGDPT – called the ‘Berlin Group’ for brevity - was initiated in 1983 by the Berlin Commissioner for Data Protection and Freedom of Information and includes regulators from around the world.  Since the beginning of the 90s the group has focused on the protection of privacy on the internet.

The Queenstown sessions included discussions on artificial intelligence (AI), location tracking, smart devices for children, and protecting the privacy of children in online services. There were also conversations about web tracking, blockchain, international privacy standardisation and the role of the right to data portability.

Data portability

Our office contributed a paper exploring the emerging right to data portability. Data portability can be defined as a right that allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows someone to move, copy or transfer their personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

So far only the European Union with its General Data Protection Regulation (GDPR) has adopted data portability as a general privacy principle. This raised issues that were worth exploring further. Should other regions or countries consider adopting such a right? How would such a right sit with existing privacy rights? What would the advantages or disadvantages be for consumers or controllers? What issues are created for business or consumers by this right existing in one region but not others?

An underlying objective of privacy and data protection laws is often said to be to support individual autonomy by giving individuals a measure of control over the personal information held about them.

But a key aspect that needs to be explored further is interoperability between data protection jurisdictions. For instance, what will be the relationship between the GDPR regime and other jurisdictions without data portability law, and how this can be optimised for consumers?

In New Zealand, our office is advocating for data portability as a right to be included in the Privacy Act which is currently being reformed. You can read more about that here.

Privacy and artificial intelligence

The Norway Data Protection Authority is the rapporteur for the working paper on artificial intelligence. The intensive use of data involved in many forms of AI, and some of the new data processing opportunities it brings, challenge fundamental data protection principles. Another Berlin Group paper highlighted the most relevant challenges regarding privacy and the processing of personal data in AI.

The discussion centred on unlawful bias and discrimination, and lack of transparency and intelligibility. If AI systems operate like black boxes, they are outside the scope of meaningful scrutiny and accountability. If organisations are unwilling or unable to explain the decisions made by artificial intelligence powered systems, the individual will have no way of knowing whether the decisions were accurate, fair, or even about them.

It will also be difficult for an individual to challenge or contest the decision. To protect individual rights, people must be provided both the logic of the processing and an explanation of the automated decision-making. Further, a lack of transparency and intelligibility in AI systems will also make it difficult for regulators to investigate, audit and inspect the systems.

The presentation outlined how data protection and privacy regulators need to possess sufficient knowledge, expertise and resources to give guidance and to investigate possible breaches of relevant data protection or privacy regulation.

Data protection and privacy regulators also need to strengthen public awareness by providing guidance to relevant stakeholders. This could include promoting the use of privacy by design principles with AI-based services developers, providers and users, while also strengthening their supervisory activities.

Location tracking

A working paper by the Italian Data Protection Commission examined the data protection and privacy risks associated with large scale collection of location data in the public interest and gave recommendations on how to mitigate these risks.

The paper and following discussion noted the trend toward including predictive capacity was likely to continue, and the number of tracking applications was set to increase. This was already evident in the many devices that we carry and wear, and the increasing number of connected appliances and objects that register our location history.

If no safeguards were in place, the main risk is of a strong bias: that of our being guided (or forced) into doing certain things and going certain places based on a service provider’s assumptions about our needs and the best way to meet them. The paper noted that this approach would reduce or eliminate opportunities for us to make free and serendipitous discoveries.

Significant privacy risks included the reuse of data for purposes beyond the original scope and a growing erosion of trust in the organisations that collect the data. If left unchecked, people could increasingly develop an uncomfortable sense of surveillance in their digital and real lives. This chilling effect could deter us taking part in some activities or using some products, and potentially providing elements for stalking, blackmailing, and thefts.

The paper recommended regulators promote data processing transparency by the organisations that use location tracking. One way is to mandate best practices, such as periodic checks and audits. Regulators had a role in promoting trust in the use of devices and apps through the scrutiny of certification schemes and codes of conduct.

In conclusion

The working papers on location tracking and artificial intelligence were adopted and will be published next year, after amendments generated by the meeting discussion have been made.

These regular meetings are also characterised by representations from industry players. In Queenstown, the Berlin Group commissioners were addressed by Google’s Global Privacy Counsel, Peter Fleischer, and Facebook’s Director of Privacy Policy, Laura Juanes. Both industry spokespeople were questioned by the delegates about privacy concerns and issues.

More information about the International Working Group on Data Protection in Telecommunications can be found here (in German and English). Published working papers can be found here.

Image credit: Queenstown from Bob's Peak - by Lawrence Murray via Wikimedia.

 

Office of the Privacy Commissioner, New Zealand
Source: Blog
18 Dec 2018, 1:16pm AEDT

Administrative Law Judge Upholds FTC’s Complaint Allegations that Merger of Major Titanium Dioxide Companies would have Harmed Competition

In an Initial Decision announced today, Chief Administrative Law Judge D. Michael Chappell upheld allegations in a Federal Trade Commission complaint challenging the merger of Tronox Limited and Cristal, two top suppliers of chloride process titanium dioxide (“TiO2”), a white pigment used in a wide variety of products, including paint, industrial coatings, plastic, and paper.

“The evidence proves that the planned Acquisition may substantially lessen competition in the relevant market for the sale of chloride TiO2 in North America in violation of Section 7 of the Clayton Act and Section 5 of the FTC Act,” Judge Chappell wrote in the decision. He concluded that the planned Acquisition would create a highly concentrated market and increase the likelihood of coordinated conduct among the remaining firms.

“Respondents have failed to rebut this proof, including by failing to demonstrate that entry or expansion would be timely, likely, and sufficient to counteract the likely anticompetitive effects of the Acquisition, or to demonstrate cognizable synergies or efficiencies that might justify the likely anticompetitive effects of the Acquisition,” Judge Chappell wrote.

An order Judge Chappell included with the Dec. 7, 2018 Initial Decision would require the respondents to terminate the Proposed Acquisition Agreement and cease taking any direct or indirect actions to consummate it; to return all confidential information to each other; and to certify final compliance within 15 days of the order becoming final.

According to the FTC’s Administrative Complaint, Tronox Limited’s proposed acquisition of competitor Cristal, for $1.67 billion and a 24 percent stake in the combined entity, would violate the antitrust laws by significantly reducing competition in the North American market (comprised of the United States and Canada) for chloride process titanium dioxide. The FTC alleged that the acquisition, if consummated, would increase the risk of coordinated action among the remaining competitors, and increase the risk of future anticompetitive output reductions by Tronox.

The Appeals Process. Because the Federal Trade Commission has sought preliminary relief to prevent consummation of the proposed acquisition in federal court, Commission Rule 3.52(a) provides that the Judge’s Initial Decision is subject to automatic review by the full Commission. On September 12, 2018, the United States District Court for the District of Columbia issued a Memorandum Opinion and Order granting the Commission’s Motion For Preliminary Injunction.

Federal Trade Commission, United States
Source: Press Release Feed
17 Dec 2018, 11:00pm AEDT

Privacy in the news (7-13 December 2018)

Welcome to our weekly round-up of privacy stories in the news media.

Govt worker snooped on neighbour's file 73 times

A government employee in a dispute with his neighbour snooped on him 73 times after accessing his neighbour's sensitive records. He also changed the man's file to add allegations of "improper conduct". A summary of the case was revealed recently in the annual report of the Privacy Commissioner. Read more here.

Quora hacked: 100 million users’ data exposed

Quora has announced that one of their systems was hacked and has led to the exposure of approximately 100 million user's data to an unauthorised third-party. Read more here.

Google, Facebook to push hard against regulatory body proposal

Google and Facebook are expected to push back hard against proposals in Australia to set up a new authority that would monitor how they use their market power and the algorithms that drive the placement of news and advertising content. The two tech companies are currently studying a 400-page report released by the Australian Competition and Consumer Commission. Read more here.

Microsoft adopts principles to stop misuse of facial recognition technology

Microsoft has announced ethical principles for the use of its facial recognition technology, saying it would bar such technology from being used to engage in unlawful discrimination and would encourage customers to be transparent when deploying such services. Read more here. Read more here.

First GDPR sanction in Germany fines flirty chat platform €20,000

Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Authority. Read more here.

Mobike faces probe by Berlin data protection regulator

China’s Mobike is under investigation by data regulators in Germany over suspicions that the fast-growing bike-sharing group might be in breach of European data law. Read more here.

The controversial law that's set Aussie's tech industry on fire

Comment by Juha Saarinen: Techies in and outside Australia watched and listened aghast last week when Labor first slammed the Assistance and Access Bill for being poor law, and then waved it through the Federal Parliament. From now on Australian government agencies can issue notices to tech companies requiring them to remove encryption and secure authentication on devices and services. Read more here.

The privacy risks of compiling mobility data

A new study by MIT researchers finds that the growing practice of compiling massive, anonymised datasets about people’s movement patterns is a double-edged sword: While it can provide deep insights into human behavior for research, it could also put people’s private data at risk. Read more here.

Your apps know where you were last night

As smartphones have become ubiquitous and technology more accurate, an industry of snooping on people’s daily habits has spread and grown more intrusive. Dozens of companies are using smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is. Read more here.

Image credit: Hairy woodpecker - John J Audubon's Birds of America

 

Office of the Privacy Commissioner, New Zealand
Source: Blog
14 Dec 2018, 9:41am AEDT

Reasons why we might not investigate

If you believe that an agency has interfered with your privacy, you have the right to complain to our Office. However, as a responsible regulator we need to screen complaints. Investigations can consume time and resources for all parties and will open a respondent agency to the possibility of litigation in the Human Rights Review Tribunal.

There are common reasons why we won’t investigate a complaint, so I will discuss some of the questions you need to ask yourself before submitting one.

Tell the agency

Have you gone to the agency first? You should put your concerns in writing to the agency before coming to us (although we recognise that sometimes this might not be appropriate). This will give an agency the opportunity to explain and maybe ease your concerns or resolve your complaint. Many agencies will be genuinely disappointed they’ve made a mistake and will be keen to find out and fix it for you. Give them that chance!

Jurisdiction

Do we have jurisdiction? Often a lot of upsetting things may have happened, and you may feel like your privacy has been breached, but we can only look at possible breaches of the privacy principles. Sometimes there is another regulator or agency that will have the powers or expertise to help you more effectively. 

Time elapsed

Have you waited too long to complain? If the privacy issue occurred over a year ago, and you’ve only decided to complain now, we may decline. This is because the older a complaint is, the more difficult and impractical it is to investigate. There are also the challenges of fading memories and change of staff and processes. It is also harder to determine how much harm has been suffered, especially if someone knew for some time, and yet did not decide to act.

Alternative remedies

Are there adequate alternative remedies available? It’s not really fair for an agency to have to repeatedly litigate the same issue over and over. If the matters you are complaining about can be remedied elsewhere, for example through court proceedings that are already underway, then you shouldn’t be “double dipping”. If legal proceedings have concluded and you are disappointed with the result, then rather than re-litigating the matter as a privacy complaint, you should consider appealing.

Evidence

Can you provide more evidence? The results of our investigations are determined by the information available to us. In addition, we may not be able to accept a complaint if there is no evidence that a breach occurred.

Domestic affairs

Is this a personal or family matter? We can’t look at the domestic actions of people in their personal lives, unless their actions were “highly offensive to the reasonable person”.

We will explain

If we decline your complaint, we will explain why. If you don’t understand or agree, let us know. Every complaint is different and unique, and we will be happy to change our mind if further evidence, context or clarifications persuade us. If you are still not satisfied with our decision, you can complain about our decision not to investigate to the Office of the Ombudsman.  

Image credit: Evidence of organised light by Jared Tarbell via Flickr

Office of the Privacy Commissioner, New Zealand
Source: Blog
13 Dec 2018, 1:37pm AEDT

Privacy Commissioner Receives Credit Data Breach Notification

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
28 Nov 2018, 11:00am AEDT

Audit report finds shortfalls in City of White Rock’s FOI processes

Information and Privacy Commissioner Michael McEvoy has found it takes the City of White Rock too long to respond to access requests. The findings were published in Audit & Compliance Report F18-02: City of White Rock Duty to Assist.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
23 Nov 2018, 7:00am AEDT

Don't fall for it! Be vigilant this Black Friday

Black Friday and Cyber Monday are among the biggest shopping events of the year. But they also present some of the greatest opportunities for potential thieves and scammers.

Before tapping in your credit card details to grab an online bargain, check these tips for protecting your personal information, and don’t fall for a deal that’s too good to be true.

Office of the Australian Information Commissioner
Source: News - OAIC
23 Nov 2018, 3:51am AEDT

Commissioner to release findings of City of White Rock audit

On Thursday, November 22 2018 at 9:30 am, Information and Privacy Commissioner Michael McEvoy will release the results of an audit into the management of access requests by the City of White Rock.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
22 Nov 2018, 7:00am AEDT

My Health Record opt-out period has been extended to 31 January 2019

The Minister for Health has announced the My Health Record opt-out period has been extended until 31 January 2019.

Office of the Australian Information Commissioner
Source: News - OAIC
15 Nov 2018, 4:07am AEDT

Cathay Pacific Airways Limited Data Breach Incident PCPD: Fair Enforcement of the Law

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
5 Nov 2018, 11:00am AEDT

Australian Financial Complaints Authority recognised as an External Dispute Resolution scheme under the Privacy Act

The Australian Information Commissioner has recognised the Australian Financial Complaints Authority (AFCA) as an external dispute resolution (EDR) scheme under s 35A of the Privacy Act 1988 (Cth).

Office of the Australian Information Commissioner
Source: News - OAIC
31 Oct 2018, 5:13am AEDT

New guidance available for cannabis retailers in the private sector

BC Information and Privacy Commissioner Michael McEvoy released a guidance document today to ensure cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (PIPA).

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
17 Oct 2018, 7:00am AEDT