Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

On February 21, 2024, President Biden signed an Executive Order and issued several federal rules aimed at improving the cybersecurity of U.S. ports and maritime supply chains. The measures introduce new cybersecurity requirements and standards for stakeholders of the U.S. Marine Transportation System (MTS) and increase the authority of the U.S. Coast Guard in its … Continue reading

The right of access to personal data: a more extensive view?

This article first appeared in PLC Magazine in the January / February 2024 issue of PLC Magazine. The right of access to personal data looks set to be a key focus area for data protection regulators for 2024 in both the EU and the UK. The European Data Protection Board (EDPB) announced that its 2024 co-ordinated … Continue reading

Significant amendments to the Singapore Cyber Security Act set to have implications for the cybersecurity landscape

On 15 December 2023, the Cyber Security Agency of Singapore (CSA) released the draft Cybersecurity (Amendment) Bill (Draft Bill), which seeks to amend the Cyber Security Act 2018 (CS Act), for public consultation. The public consultation concluded on 15 January 2024. The consultation paper and the Draft Bill can be accessed here. The proposed changes … Continue reading

Two FTC complaints that over-retention of personal data violates Section 5

On January 18, 2024, the U.S. Federal Trade Commission announced a complaint and proposed consent order with InMarket Media, LLC, a digital marketing platform and data aggregator.  Less than two weeks later, on February 1, the FTC announced a complaint and proposed consent order with software licensor and data provider Blackbaud, Inc.  In both cases, … Continue reading

CNIL publishes a draft TIA guide

The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union.  The European Data Protection Board (EDPB) followed up with recommendations[2] setting out its expectations on what the Schrems II decision meant for carrying out a data transfer impact assessment (TIA) for … Continue reading

Singapore proposes Governance Framework for Generative AI

On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing the areas where future policy interventions relating to generative AI may take place and options for such intervention. The … Continue reading

NYDFS issues significant guidance on insurers using AI or external data

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing. This Proposed Circular does not create or change any legislation, but once finalized, will … Continue reading

International Data Privacy Day: Unpacking recent significant ECJ decisions

A flurry of significant European Court of Justice judgments relating to data protection were published in the final few months of 2023. In celebration of International Data Privacy Day, in this 1 hour webinar our European data protection specialists will unpack the following four important judgments, looking at what was decided by the Court and … Continue reading

The EU AI Act: What obligations will apply to your business?

Political agreement was achieved at the beginning of December in relation to the EU’s AI Act (AIA) – the first major step in the regulation of artificial intelligence. Although the final texts are not yet available, the key elements are clear, with the “risk-based” approach at the heart of the AIA. Working from the last … Continue reading

$8 million penalty to NYDFS – and another case of over-retention

2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”).  On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its … Continue reading
LexBlog