Posted in Dispute resolution and litigation
The opinion includes whether consent is ‘freely given’ pursuant to the ePrivacy-Directive and GDPR and insight on what constitutes ‘informed consent.'… Continue reading
On January 3, 2019, the federal trial court in Manhattan issued a preliminary injunction, temporarily halting a new local law aimed at required disclosures by home-sharing platforms, such as Airbnb and HomeAway, to the city.… Continue reading
Posted in CCPA, Compliance and risk management
On January 25, 2019, the California Attorney General’s Office held a public forum in Los Angeles to solicit feedback on the California Consumer Privacy Act of 2018 (“CCPA”) as it prepares to draft regulations which must be adopted on or before July 1, 2020.… Continue reading
On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading
The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue reading
On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading
Posted in Data breach
The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable … Continue reading
Posted in GeneralWe are grateful to our clients and industry contacts for nominating us as cyber law firm of the year at the 2018 Insurance Insider Cyber Rankings Awards. The winner will be determined from the results of a wide-ranging survey of insurers and brokers and will be announced on September 21, 2018.… Continue reading
Posted in CCPA
This is the Data Protection Report’s third blog post in a series of CCPA blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information. Stay tuned for additional blogs and information … Continue reading
Posted in Regulatory responseData protection laws in Asia continue to be introduced and updated. One of the most recent developments in South East Asia is in Thailand. On 22 May 2018, the Thai Cabinet approved in principle a revised draft of Thailand’s first personal data protection act (Draft Act). This Draft Act is currently under consideration by the … Continue reading
Posted in Dispute resolution and litigation
On March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to four of the FCC’s determinations relating to cell phones. The appellate court upheld the FCC’s determinations that consumers can revoke consent to receive … Continue reading
Posted in Data breach, General, Regulatory responseOn January 10, 2017, the EU Commission published a package of documents on the EU’s data economy strategy, including e-privacy, data protection and the “European Data Economy.” The Commission documents, published in the context of the Commission’s digital single market (“DSM”) initiative announced in May 2015, illustrate again the strong links between the EU’s digital … Continue reading
The FCC announced last week that it reached a settlement with Verizon Wireless (“Verizon”) over its use of “supercookies.” More specifically, the FCC alleged that Verizon inserted unique identifiers into the headers of its customers’ HTTP requests to support its targeted advertising programs, and that customers had not consented to this practice. In this post, we … Continue reading
The Federal Trade Commission (FTC) has ordered nine companies to file Special Reports detailing how they assess their clients’ compliance with Payment Card Industry Data Security Standards (PCI DSS). Payment card issuing companies require businesses that process over one million card transactions per year to undergo PCI DSS compliance assessments, or audits, performed by PCI Qualified … Continue reading
In re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed … Continue reading
It is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns … Continue reading
This month, California Governor Jerry Brown signed into law five new privacy bills that the Governor said are intended to strengthen data protections for the state’s residents. The laws, effective as of January 1, 2016, implement California’s Electronic Communications Privacy Act and amend the state’s breach notification statute, among other things. In this post, our Data Protection, Privacy … Continue reading
Posted in GeneralThe following is the statement of WP29 on the Schrems decision. It is a short opinion that we replicated here in full. We note that WP29 appears to suggest that model clauses and BCRs remain viable through at least January 2016, which is when WP29 would like to see the US and EU agree to a … Continue reading
Posted in Compliance and risk management
The European Court of Justice (ECJ) ruled on Case C-362/14 (the Schrems case) earlier today, 6 October 2015. In its ruling, the ECJ – among other things – held that the EU Commission’s “US Safe Harbor” decision is invalid.… Continue reading
Posted in Regulatory response
The European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015. In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading
Posted in Compliance and risk management, General
On September 22, 2015, the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe … Continue reading
Posted in Compliance and risk management, Data breachOn the heels of the enactment of the Dutch breach notice law, the Dutch Data Protection Authority (CBP) published a consultation document with draft guidelines on the breach notice obligation of data controllers in the Netherlands. Under the law, data controllers are required to provide notice of data breaches to the CBP and, under certain circumstances, to … Continue reading
