Many businesses are suffering serious financial difficulties as a result of COVID-19, particularly those in the retail, hospitality and tourism sectors. For many of these businesses the one asset that will undoubtedly retain value, despite the pandemic, will be their
The discussion paper on the proposed changes to Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) was debated by the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) on 20 January. The proposals set out in LC Paper. No. CB(2) 512/19-20(03) (the Paper) are summarised in our earlier post.
On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA).
The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use of their personal information” and added, “It’s time we had control over the use of our personal data.”
On 18 June 2019, Facebook announced plans to launch a new blockchain enabled cryptocurrency called Libra.
On 29 July 2019, the European Court of Justice (ECJ) issued its judgement on Case C-40/17 (the “Fashion-ID” case). In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to the relevant websites. In relation to these processing activities, the website operators must inform their website visitors about the data processing activities for which they act as a joint controller with Facebook, must establish a lawful basis for these processing activities and, where applicable, must collect relevant consent from the website visitor.
The Wall Street Journal reported that Federal Trade Commission and Facebook reached a settlement to resolve Facebook’s privacy issues.
Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.
On 20 June, the UK’s Information Commissioner (the ICO) published a report setting out its views on adtech, specifically the use of personal data in “real time bidding”, and the key privacy compliance challenges arising from it.
On 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design (the “Code”). The Code will remain open for public consultation until 31 May 2019.
The consultation document is described as a “code of practice for online services likely to be accessed by children.” However, its potential impact is in fact wider, and is perhaps better described as applying to all online services that are not demonstrably unlikely to be accessed by children, which it controversially defines as individuals under 18. For this reason, the Code in its current form will have implications for almost all providers and users of online services.
Big data companies like Google and Facebook are now facing increased scrutiny about the use of massive amounts of personal data in the digital ad marketplace.