The 2022 National Association of Attorneys General (NAAG) Presidential Summit, held last week in Des Moines, Iowa, signaled a clear partnership between state AGs, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) to accomplish Iowa AG Tom Miller’s “fight back” presidential initiative: Consumer Protection 2.0: Tech Threats and Tools. Picking up … Continue Reading
With increased digitization of business processes and services affecting all industries and enterprises, the need for accessible digital tools continues to grow. Indeed, 26% of adults living in the United States have some type of disability, highlighting the crucial role accessibility tools serve in ensuring an inclusive digital environment. Furthermore, in certain instances, the implementation … Continue Reading
On 14 July 2022, the UK Information Commissioner’s Office (“ICO”) has launched a public consultation on its draft strategic three year plan, titled “ICO25”. The plan sets out a commitment to safeguard the information rights of the most vulnerable individuals with the aim of empowering people to confidently share their information to use today’s market … Continue Reading
On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data … Continue Reading
In Q1 2022, the UK’s Information Commissioner’s Office (ICO) issued 26 enforcement actions. There were 15 monetary penalties issued, ranging between £2k – £200k, and 11 enforcement notices. The majority of the fines and enforcement notices related to unsolicited marketing activities, two related to data subject rights infringements, and one related to a failure to … Continue Reading
In the June edition of IAPP’s Privacy Advisor, Divonne Smoyer and Roger Gibboni talk to Indiana State Attorney General Todd Rokita on the possibility of Congress passing a federal privacy law, Indiana’s different approaches to data privacy and protection, and its recent announcement that the state was joining Washington, Texas, and D.C. in an enforcement … Continue Reading
Four years ago, the General Data Protection Regulation (“GDPR”) came into force in the EU. Since then, the GDPR has had a domino effect, as many countries in the world have used it as a model to shape their own rules on the handling of personal data. Given the rapid changes in data protection legislation … Continue Reading
On 28 April 2022, the UK Digital Regulation Cooperation Forum (DRCF) published two discussion papers on the benefits and harms of algorithms and on the landscape of algorithmic auditing and the role of regulators, respectively. About DRCF The DRCF consists of four UK regulators: the Competition and Markets Authority, Ofcom, the Information Commissioner’s Office and … Continue Reading
On 4 May 2022, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation (available here) to request views from the tech industry on potential interventions to enhance security and privacy requirements for firms running app stores and developers making apps.… Continue Reading
On 22 March 2022, the European Commission (“EC”) adopted two new proposals for a Cybersecurity Regulation and an Information Security Regulation (available here and here). These regulations aim to set common priorities and frameworks in order to further strengthen inter-institutional co-operation, minimise risk exposure and further strengthen the EU security culture.… Continue Reading
On March 8th, the Children’s Advertising Review Unit (“CARU”), a FTC-approved safe harbor organization that monitors compliance with the Children’s Online Privacy Protection Act (“COPPA”), announced it had found TickTalkTickTalk––a children’s smart watchmaker and one of CARU’s member organizations—in violation of COPPA and CARU’s privacy guidelines.… Continue Reading
As you might know, the new EU SCCs were published last year. The UK has now issued new templates for data transfers that can be used from 21 March 2022. With the UK templates confirmed and available, many multinational organisations with presence in the EU and the UK are gearing up to transition their contracts … Continue Reading
In the latest edition of the IAPP Privacy Advisor, Divonne Smoyer and Roger Gibboni talk with Iowa Attorney General (AG) Tom Miller on the latest issues surrounding emerging technology, data privacy and consumer protection. As the longest serving state AG in U.S. history and the President of the National Association of Attorneys General, AG Miller … Continue Reading
The Winter 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version… Continue Reading
The UK’s data protection regulator, the Information Commissioner’s Office (‘ICO’), has released draft guidance on the research provisions within the UK’s General Data Protection Regulation (‘UK GDPR’) and Data Protection Act (‘DPA’). The guidance is out for public consultation until 22 April 2022.… Continue Reading
Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of … Continue Reading
Two Chinese information security laws, the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”), are creating difficulties for parties involved in litigation in the United States seeking discovery materials stored in China. Both the DSL and the PIPL require data processors to obtain approval from the Chinese government before transferring any data … Continue Reading
In January 2022, several decisions by the French data protection regulator (“CNIL”) were published regarding the implementation of French cookie requirements, sending out a strong signal to website operators targeting French users. On 6 January 2022, the CNIL issued fines totalling 150 million euros and 60 million euros, to Google and Facebook respectively, for violations … Continue Reading
On 7 February 2022, the UK Information Commissioner’s Office (ICO) announced that it had launched a consultation on Chapter 3 of its draft guidance on anonymisation, pseudonymisation, and privacy enhancing technologies (PET).… Continue Reading
The Attorney General Alliance and the Colorado Department of Law’s recent symposium “Colorado Privacy Act: Rights, Obligations, and Next Steps” demonstrates a continued commitment by various state attorneys general to influence and enforce data privacy policies. The panel discussions focused on the Colorado Privacy Act (CPA), one of only three comprehensive data privacy laws in … Continue Reading
In response to recent cybersecurity incidents, the Federal Energy Regulatory Commission (FERC) has announced a Notice of Proposed Rulemaking (NOPR) that would task the North American Electric Reliability Corporation (NERC) to impose additional cybersecurity requirements on high-, medium-, and, potentially, low-impact bulk electric systems in its Critical Infrastructure Protection (CIP) Reliability Standards.… Continue Reading
In a judgment handed down by the UK Court of Appeal on 21 December 2021 ([2021] EWCA Civ 1952, available here), Walter Soriano, the claimant, was granted his cross-appeal, giving him permission to serve Forensic News LLC and four other defendants in the United States with proceedings under the General Data Protection Regulation (GDPR). The … Continue Reading
There’s no doubt 2022 will be a big year for data privacy compliance with three new laws going into effect in 2023. On January 1, 2023, the California Privacy Rights Act (CPRA) will replace and amend California’s most recent, comprehensive data privacy law, the California Consumer Privacy Act (CCPA), and Virginia’s first extensive privacy law, … Continue Reading
Following a consultation in January 2021, the European Data Protection Board (EDPB) has published its finalised guidelines on examples of personal data breaches and whether they are notifiable. These guidelines supplement previous guidance on personal data breach notification: the Opinion on Personal Data Breach Notification (Opinion 03/2014) and the general Guidelines on Personal Data Breach … Continue Reading