As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions
2022
Draft European Commission EU-US Data Privacy Framework adequacy decision published
On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF).
The draft decision – available here – addresses the concerns raised by the Court of Justice…
Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure
Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case…
New UK guidance on Transfer Risk Assessments
On 17 November 2022, the Information Commissioner’s Office (ICO) published an update to its guidance on international transfers (Transfers Guidance). This included specific guidance about transfer risk assessments or TRAs and a tool for undertaking…
BIPA and the record retention requirement
On November 30, 2022, an Illinois court of appeals ruled that Illinois’ biometrics privacy law—known as BIPA—requires that anyone subject to that law must develop a retention and destruction schedule when it possesses biometric data. In this case, the…
HHS: Online trackers without prior authorization and BAAs can violate HIPAA
HHS: Online trackers without prior authorization and BAAs can violate HIPAA
By Steve Roosa, Sue Ross, Dan Rosenzweig
On the evening of December 1, 2022, the U.S. Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “…
The servant of two masters: ICO and OFCOM Joint Statement on Online Safety and Data Protection – coordination so service providers can comply with both
On 25 November 2022, the UK Information Commissioner’s Office (ICO) and the Office of Communications (OFCOM) (together, the Regulators) released a joint statement setting out their shared views on the interactions between online safety and…
Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks. AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this…
BIPA Year in Review: Where Are We Now and What’s Coming Next?
2022 has been a record year for Illinois Biometric Information Privacy Act (“BIPA”) litigation. Since its enactment in 2008, BIPA has been one of the most litigated privacy-related laws with some of the highest penalties. However, it wasn’t until last…
NYDFS proposes significant cybersecurity regulation amendments
On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year…