Privacy & Data Protection

The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)

Background

On 1 August 2022, the Court of Justice of the European Union (“CJEU”) issued a decision (“Decision”) clarifying how the indirect disclosure of sexual orientation data is protected as special category data under Article 9 of the EU General Data Protection Regulation (“GDPR”). “Special Category Data” is defined within Article 9(1) of the GDPR and includes (for example) a data subject’s racial or ethnic origin or data concerning a natural person’s sex life or sexual orientation. The processing of such sensitive personal data is expressly prohibited, unless the processing is exempted from the prohibition in the sense of Article 9(2) GDPR.

Continue Reading CJEU rules on interpretation of EU GDPR special categories of data

The 2022 National Association of Attorneys General (NAAG) Presidential Summit, held last week in Des Moines, Iowa, signaled a clear partnership between state AGs, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) to accomplish Iowa AG Tom Miller’s “fight back” presidential initiative: Consumer Protection 2.0: Tech Threats and Tools. Picking up from the 2021 kickoff of Miller’s NAAG initiative this past December, the NAAG Summit featured a variety of speakers from the federal, state, and private sectors, including, most notably, from the FTC and CFPB.

Continue Reading Guardians of the Consumer: State AGs team up with FTC and CFPB to protect consumers online – Consumer Protection 2.0: Tech, Threats, and Tools

With increased digitization of business processes and services affecting all industries and enterprises, the need for accessible digital tools continues to grow. Indeed, 26% of adults living in the United States have some type of disability, highlighting the crucial role accessibility tools serve in ensuring an inclusive digital environment.  Furthermore, in certain instances, the implementation of accessibility best practices may be legally required. We discuss these issues in our most recent Tech Law Talks podcast.

Continue Reading Digital Accessibility: Legal & Practical Issues to Consider

On 14 July 2022, the UK Information Commissioner’s Office (“ICO”) has launched a public consultation on its draft strategic three year plan, titled “ICO25”. The plan sets out a commitment to safeguard the information rights of the most vulnerable individuals with the aim of empowering people to confidently share their information to use today’s market products and services, with work particularly targeting:

  • children’s privacy;
  • AI-driven discrimination;
  • the use of algorithms within the benefits system; and
  • the impact of predatory marketing calls.


Continue Reading ICO25: ICO sets out its three year strategic plan

On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data use enabling economic growth by removing barriers and reducing obstacles for organisations whilst maintaining high standards of personal data protection and EU adequacy.

Continue Reading Government releases proposals to reform UK data protection laws

In Q1 2022, the UK’s Information Commissioner’s Office (ICO) issued 26 enforcement actions. There were 15 monetary penalties issued, ranging between £2k – £200k, and 11 enforcement notices. The majority of the fines and enforcement notices related to unsolicited marketing activities, two related to data subject rights infringements, and one related to a failure to ensure adequate security around personal data. The last related to a ransomware attack and despite the controller being subjected to a malicious cybercrime, it was penalised for a failure to address known vulnerabilities and to prevent the ransomware attack in time.

Continue Reading ICO enforcement actions in Q1 2022

In the June edition of IAPP’s Privacy Advisor, Divonne Smoyer and Roger Gibboni talk to Indiana State Attorney General Todd Rokita on the possibility of Congress passing a federal privacy law, Indiana’s different approaches to data privacy and protection, and its recent announcement that the state was joining Washington, Texas, and D.C. in an

Four years ago, the General Data Protection Regulation (“GDPR”) came into force in the EU. Since then, the GDPR has had a domino effect, as many countries in the world have used it as a model to shape their own rules on the handling of personal data. Given the rapid changes in data protection legislation around the world, legal and compliance teams of multinational organisations are under pressure to keep up with such developments as they continuously adapt their compliance programs in response.

Continue Reading The fourth anniversary of the GDPR: How the GDPR has had a domino effect