Authors: Heidi Waem and Simon Verschaeve Recently, the European Center for Digital Rights (better known as noyb), founded by privacy activist Max Schrems, announced a new initiative that focuses on compliance of cookie banners in Europe. Alongside the launch of the campaign, noyb reported that it issued more than 500 draft complaints to the owners …
EU: Second wave of noyb complaints targets cookie banners Read More »
Authors: Carolyn Bigg, Venus Cheung and Fangfang Song Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation The Chinese cybersecurity authorities have published new draft rules clarifying data and cyber compliance obligations for the automobile industry, including a push towards most personal information and important data being …
Authors: Carolyn Bigg, Venus Cheung and Fangfang Song Second drafts of the new overarching national personal data protection and data security laws have just been published, and give a clearer picture of the impending new national frameworks in China. 1. Draft Personal Information Protection Law The Draft Personal Information Protection Law (“Draft PIPL”) will – …
Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. 1. Websites cybersecurity Website security incidents are among the most common non-compliances identified by the CNIL during its …
The CNIL’s key priorities for upcoming dawn-raids in 2021 Read More »
Authors: Carol A.F. Umhoefer and Alaa Salaheldin Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment. According to security company PurpleSec LLC, in 2020 alone, cybercrime is reported to have increased by up to 600% as a result of new incentives and opportunities for …
US: Cyber Risk: Facing Off Against Employee Monitoring Requirements Read More »
On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees[1]. I. Factual background and …
By Kate Lucente, Jim Halpert, Lael Bellamy The California Attorney General has posted the final proposed CCPA Regulations, which were submitted to the California Office of Administrative Law (OAL) on June 1, 2020. The final proposed regulations are virtually unchanged from the prior version, posted on March 11. (You can review our analysis of the prior …
Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …
FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business Read More »
Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …
New Mexico becomes 48th state to enact a data breach law, plus US state-level updates Read More »
Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet …
Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean? Read More »
Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used as a …
By Giulio Coraggio Personal data, including big data, is a valuable asset for businesses, but how to maximise its exploitation at the age of the EU Privacy Regulation? The decision of the ECJ on personal data The European Court of Justice (ECJ) issued a landmark decision on the definition of personal data which very well summarised in …
How to get the best out of data at the age of the EU Privacy Regulation Read More »
Written by Kelly Friedman, Tamara Hunter and Jim Halpert The Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first Compliance and Enforcement Decision for violation of Canada’s anti-spam legislation (CASL). Until now, CRTC CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, …
Written by Sydney White Today the Federal Communications Commission (FCC) approved new privacy rules for mobile and fixed broadband ISPs by a vote of 3-2. The rules seek to harmonize the requirements for ISPs with current FCC CPNI rules that restrict usage of customer data by telecommunications carriers. The rules are broader than FTC privacy standards. In …
Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …
On 8 September 2016, Advocate General Bot released his opinion on the “Camera di Commercio Industria, Artigianato e Agricoltura di Lecce v. Salvatore Manni” c-398/15 (“Manni Case“). If confirmed by the European Court of Justice, the opinion will no doubt shed further light on the construction of the right to be forgotten. Background The original …
EU: The right to be forgotten and the role of the Companies Registry Read More »
On May 11, 2016, the German coalition government agreed to amend the Telemedia Act, which sets the framework for Internet usage across Germany, in order to limit fault liability for Wi-Fi providers. The new regulation states that Wi-Fi providers will not be held liable for the illegal activities of persons using the service. This means …
GERMANY: Amended Liability Laws to Promote Public Wi-Fi Read More »
By Kate Lucente Following on from yesterday’s announcement regarding the political agreement of the EU-US Privacy Shield, to replace the Safe Harbor program, European data protection authorities met today to be briefed on this. Their view at present seems to be cautiously optimistic. The group, called the Article 29 Working Party, welcomed the political agreement …
WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US Read More »
On 6 November 2015, the European Commission issued guidance in the form of a Communication on the transfer of personal data from the EU to the US following the Schrems Judgment at the beginning of October (for information on the Judgment, see DLA Piper’s Privacy Matters blog post). The following points are stressed in the Communication: Alternative bases …
On October 6th, in a ground-breaking Decision, the Court of Justice of the European Union (CJEU) declared the US Safe Harbor scheme to be invalid, as well as confirming that individuals have the right to challenge any similar schemes that may be established by the European Commission through their national data protection authorities. The US Safe Harbor …
Ground-breaking European Court Decision – US Safe Harbor declared invalid Read More »
