Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

It’s time to reassess cookie compliance in France

Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation  Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The … Continue Reading

California Attorney General issues revised draft regulations with key changes for regulated businesses

The public spoke and the California Attorney General (AG) listened.  Nearly four months after releasing initial proposed CCPA regulations, the California AG has issued a revised draft addressing many of the comments and concerns of both industry and privacy attorneys.  Although the structure and fundamental principles have not changed, the revisions will impact most CCPA … Continue Reading

2020 could be a monumental year for adtech

With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading

Uncertainty persists in biometric litigation

Companies facing class action litigation stemming from Illinois’ Biometric Privacy Act, 740 ILCS 14/1 et seq. (BIPA), will not get conclusive guidance from the U.S. Supreme Court on the issue of Article III standing. Despite the substantial increase in BIPA class actions filed between 2018 and 2019, and amici briefs imploring the Supreme Court to … Continue Reading

What’s next with Brexit, data protection and data transfers?

Following the UK Conservatives Party’s landslide victory in December 2019, there were immediate implications for the UK’s Withdrawal from the European Union, which resulted in the UK withdrawing from the EU on 31 January 2020. With the European Parliament’s approval of the Withdrawal Agreement, the UK is now in a transition period until 31 December … Continue Reading

Novel coronavirus outbreak throws up data privacy questions for businesses in China, Hong Kong and Singapore

The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public health … Continue Reading

Maryland Attorney General Brian Frosh talks to Reed Smith about privacy and consumer protection

Reed Smith IP, Tech & Data attorneys Divonne Smoyer and Alexis Cocco conducted an in-depth Q&A with Maryland Attorney General Brian Frosh. During the interview, he discusses his priorities for data privacy and security for Maryland, including his hopes for future legislation in both Maryland and federally. AG Frosh is currently in his second term … Continue Reading

Cyber crime now poses increasing threat to the cannabis industry

According to a report issued last week, tens of thousands of cannabis dispensary customers’ personal data has been exposed following a data breach of a sales system that at least three (and likely more) cannabis dispensaries may have used to manage their sales to customers. Our recent client alert highlights the increasing threat that cyber … Continue Reading

Bipartisan proposals, FTC review signal likely changes to COPPA

With newly proposed legislation, the House has joined the Senate in introducing bipartisan legislation making changes to the Children’s Online Privacy Protection Act (COPPA). This pending legislation, when combined with the Federal Trade Commission’s (FTC) ongoing COPPA review and workshop, foreshadows expanded COPPA protections, especially for teenagers between 13 and 15 years of age. In … Continue Reading

Five more steps to handling claims in 2020

A top goal for 2020 is to review and negotiate your directors and officers (D&O) (and other) insurance policies to make sure they are as favorable as possible from a coverage and pricing perspective. (See Make a few small yet substantial plans: five steps to managing directors’ and officers’ liability insurance and other risks in 2020.) … Continue Reading

New year, new laws: Washington re-introduces comprehensive privacy act among flurry of 2020 consumer privacy bills

Washington state’s lawmakers started the 2020 legislative session with a renewed focus on consumer privacy through the introduction of ten privacy-related bills across the state House and Senate on January 13. Chief among these proposals was the comprehensive Washington Privacy Act (WPA), a new version of which was re-introduced in the Senate after the previous … Continue Reading

Proposed CCPA amendment would provide significant clarity to health care and life sciences companies

Despite intensive lobbying from industry groups, multiple amendments before its effective date, and extensive proposed regulations from the California attorney general, the California Consumer Privacy Act (CCPA) went into effect earlier this month with still many questions left unanswered: What compromises will be made regarding employee and business-to-business data? Will there be further insight into … Continue Reading

New Illinois employment law signals increased state focus on artificial intelligence in 2020

With the Artificial Intelligence Video Interview Act (effective January 1, 2020), or “AI Video Act,” Illinois has passed a groundbreaking new law regulating the use of artificial intelligence (“AI”) in video recruitment practices. Background Employers increasingly seek tech-enabled tools to facilitate the hiring, evaluation, retention and development of their workforces. However, as the implementation of … Continue Reading

The EDPB on ‘Data Protection by Design and by Default’

On 13 November 2019, the European Data Protection Board (EDPB) adopted the guidelines on Data Protection by Design and Default (DPbDD) for public consultation (link here) until 16 January 2020, providing an in-depth analysis of the components that make up DPbDD under GDPR article 25. We highlight below some of the key definitions. Background DPbDD … Continue Reading

EDPS, data protection and scientific research

This week the EU’s independent data protection authority (DPA), the European Data Protection Supervisor (EDPS), published a preliminary opinion on data protection and scientific research subject to the General Data Protection Regulation 679/2016 (GDPR) and Regulation 1725/2018 governing data protection in EU institutions (Preliminary Opinion). Regulation 1725/2018 is very similar to the GDPR’s provisions in … Continue Reading

Biometric privacy: The year in review and looking toward 2020

2019 signalled significant growth in both regulatory focus and litigation involving biometric privacy. The passage of the California Consumer Privacy Act (CCPA), the addition of biometrics to numerous state data breach notification laws (including New York), and continued class action lawsuits emanating from Illinois’ Biometric Information Privacy Act (BIPA) made biometrics a trend line in … Continue Reading

Evaluation of the GDPR – The German supervisory authorities weigh in

The German Data Protection Authorities (German DPAs) released a “Report on the Experience Gained in the Implementation of the GDPR”, which was adopted at their conference on November 6, 2019 (Report; available in German here and English here). In this blog, we summarize the key issues that the German DPAs have raised in the Report. … Continue Reading

New year, new risks

According to experts, most New Year’s resolutions fail because sweeping change is difficult. Rather, the best results come from taking small steps. Here are five small steps to take to make sure your directors’ and officers’ (D&O) coverage can tackle potential cyber risks. Review your coverage program from last year. Endorsements, policy provisions, and pricing … Continue Reading

An FAQ guide to data breach notifications in Singapore

Singapore’s Personal Data Protection Commission (PDPC) has announced that data breach notification will soon become mandatory in Singapore. However, not all breaches need to be reported. We have prepared this guide to aid businesses in understanding when, to whom and how to notify should they encounter a data breach. As further guidance and details on … Continue Reading

ENISA releases report detailing security guidelines for Internet of Things

On 19 November 2019, the European Union Agency for Network and Information Security (ENISA) released its report ‘Good practices for security of Internet of Things (IoT)’ (Report), providing a comprehensive analysis of security concerns surrounding IoT, secure Software Development Life Cycle (sSDLC) principles, and setting out best practices. Below, we highlight some of the key … Continue Reading

Advocate General gives opinion on Schrems II: an early Christmas present?

Today, the Advocate General Henrik Saugmandsgaard Øe (AG) published his opinion on a case brought by privacy rights activist, Max Schrems (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) (Schrems II). The case concerns the validity of the standard contractual clauses (SCCs). The Court of Justice of the European Union (CJEU) press release … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Winter 2019 Edition)

The Winter 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: ECJ decision on the use of cookies (“Planet49”) does not provide clarity ECJ: Global take-down duties of hosting providers ECJ on the territorial … Continue Reading
LexBlog