ICO launches a call for views on the “pay or okay” model

Earlier this week the ICO launched a call for views on the “pay or okay” business model. By way of recap, this model gives users of online services the choice to either consent to personalised advertising using their data or to pay a fee to access an ad-free version of the service. In its blog … Continue reading

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the Federal Register.  The AG has proposed several regulations, and has solicited public comments on over … Continue reading

Executive Order on access to Americans’ bulk sensitive data – Part 1

On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern.  The 17-page Executive Order pointed out that “countries of concern” could use bulk sensitive data in a variety of ways that could adversely affect U.S. national security, … Continue reading

UK government’s response to AI White Paper consultation: next steps for implementing the principles

The authors acknowledge the assistance of Salma Khatab, paralegal, in researching and preparing some aspects of this blog The UK Department for Science, Innovation, and Technology (DSIT) has published its response to its consultation on its white paper, ‘A pro innovation approach to AI regulation’ (the Response). The Response outlines key investment initiatives and regulatory … Continue reading

ASEAN releases Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses and AI Governance Guide 

On 1 and 2 February 2024, at the fourth 4th ASEAN Digital Ministers Meeting (ADGMIN) in Singapore, ASEAN[1] unveiled: We summarise and discuss both the Joint Guide and the ASEAN AI Governance Guide below. Joint MCC – SCC Guide To recap, the first part of the Joint MCC – SCC Guide (the Reference Guide) was … Continue reading

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

On February 21, 2024, President Biden signed an Executive Order and issued several federal rules aimed at improving the cybersecurity of U.S. ports and maritime supply chains. The measures introduce new cybersecurity requirements and standards for stakeholders of the U.S. Marine Transportation System (MTS) and increase the authority of the U.S. Coast Guard in its … Continue reading

The right of access to personal data: a more extensive view?

This article first appeared in PLC Magazine in the January / February 2024 issue of PLC Magazine. The right of access to personal data looks set to be a key focus area for data protection regulators for 2024 in both the EU and the UK. The European Data Protection Board (EDPB) announced that its 2024 co-ordinated … Continue reading

Significant amendments to the Singapore Cyber Security Act set to have implications for the cybersecurity landscape

On 15 December 2023, the Cyber Security Agency of Singapore (CSA) released the draft Cybersecurity (Amendment) Bill (Draft Bill), which seeks to amend the Cyber Security Act 2018 (CS Act), for public consultation. The public consultation concluded on 15 January 2024. The consultation paper and the Draft Bill can be accessed here. The proposed changes … Continue reading

Two FTC complaints that over-retention of personal data violates Section 5

On January 18, 2024, the U.S. Federal Trade Commission announced a complaint and proposed consent order with InMarket Media, LLC, a digital marketing platform and data aggregator.  Less than two weeks later, on February 1, the FTC announced a complaint and proposed consent order with software licensor and data provider Blackbaud, Inc.  In both cases, … Continue reading

CNIL publishes a draft TIA guide

The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union.  The European Data Protection Board (EDPB) followed up with recommendations[2] setting out its expectations on what the Schrems II decision meant for carrying out a data transfer impact assessment (TIA) for … Continue reading
LexBlog