Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading
The European Data Protection Board (EDPB) recently adopted its opinion on the interplay between the Clinical Trials Regulation 536/2014 (CTR) and the General Data Protection Regulation 2016/679 (GDPR) (the opinion). The opinion was given at the request of the European Commission. The CTR seeks to harmonise the rules for conducting clinical trials throughout the European … Continue Reading
The update to the existing Massachusetts data breach notification statute (set to go into effect on April 11, 2019) introduces novel requirements for notices to both affected individuals and regulators and requires credit monitoring services to be offered in some instances for at least 18 months. The legislation updates the statute in a number of … Continue Reading
In late 2018, the Federal Energy Regulatory Commission (FERC) published a final rule updating and adding to the Critical Infrastructure Protection (CIP) Reliability Standards, which are intended to help protect the bulk electric system (BES) in North America against cybersecurity risks. The final rule: Creates a new Supply Chain Risk Management Reliability Standard (CIP-013-1) Updates … Continue Reading
On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union. On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of … Continue Reading
In an interview dated February 2018,[1] Isabelle Falque-Pierrotin, at the Head of the French data protection authority (CNIL), stated that the CNIL would adopt a flexible and pragmatic approach from May 2018 onwards when controlling compliance with data protection requirements. The first decision of sanction rendered by the CNIL on Monday January 21, 2019, which … Continue Reading
Earlier this month, the Information Commissioner’s Office (ICO) brought a criminal prosecution against the parent company of Cambridge Analytica, SCL Elections, for failing to comply with an enforcement notice issued by the ICO. SCL was fined £15,000 and ordered to pay costs. The criminal prosecution may not sound surprising – after all, SCL had failed … Continue Reading
On 22 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against COURTS (Singapore) Pte Ltd (Courts), a consumer electronics and furniture retailer in Singapore. The facts of the case were as follows: A complaint was brought by an individual who discovered that his contact number and address were disclosed in an … Continue Reading
On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the … Continue Reading
The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 have been laid before the UK Parliament. The regulations are introduced under the European Union (Withdrawal) Act 2018. The Withdrawal Act grants powers to correct deficiencies in UK legislation that will arise as a result of Brexit. The regulations introduce a large … Continue Reading
On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and … Continue Reading
In April 2018 the European Commission (Commission) published its Communication on the digital transformation of health and care in the Digital Single Market (Communication). The Commission outlined the need for reforms to health care systems and the development of innovative digital solutions. On 6 December 2018, the European Economic and Social Committee (EESC) published its … Continue Reading
London has historically been considered the centre of European financial services. Now it is also viewed as the capital of financial technology (FinTech). However, with the likelihood of a no-deal Brexit becoming ever more real, and increasing attempts to lure FinTech firms to the continent, London’s title is under threat. London provides a haven where … Continue Reading
Following our previous blog on the upcoming second annual review of the EU-U.S. Privacy Shield, the European Commission published its report on 19 December 2018. In its report, the Commission concludes that the level of protection for personal data transferred under the Privacy Shield from the European Union to the United States continues to be … Continue Reading
On 10 December 2018, the European Parliament, the Council of the European Union, and the European Commission reached agreement on the cybersecurity proposal put forward by the Commission. The aim of the Commission’s proposal is to build strong cybersecurity standards in the EU, allowing the EU to become a global leader in cybersecurity. The proposal … Continue Reading
The Information Commissioner’s Office (ICO) and the UK Department for Culture, Media and Sport (DCMS) have each issued no-deal Brexit data protection guidance. EU/UK personal data transfers The UK government has committed to incorporating the General Data Protection Regulation (GDPR) into domestic UK law when the UK leaves the EU. This means there will not … Continue Reading
On 13 December 2018, the Singapore data protection commission issued four separate decisions against the following organisations, for breaches of the protection obligation under section 24 of the Personal Data Protection Act 2012 (PDPA): Funding Societies Pte Ltd WTS Automotive Services Pte Ltd Institute of Singapore Chartered Accountants SLF Green Maid Agency Funding Societies The … Continue Reading
The Joint Committee on Human Rights has launched an inquiry into the right to privacy under Article 8 of the European Convention on Human Rights (ECHR) and the “Digital Revolution”. The inquiry will examine whether further safeguards to regulate the collection, use, tracking, retention and disclosure of personal data by private companies are required to … Continue Reading
The European Data Protection Board (EDPB) met for its fifth plenary session on 4 and 5 December 2018. The EDPB published a press release, highlighting the three main areas of discussion: EU-Japan draft adequacy decision. The EDPB adopted an opinion on the European Commission’s draft adequacy decision. In adopting its opinion, the EDPB focused on the … Continue Reading
On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). Last week we published a blog on these guidelines, focusing on when the GDPR applies to non-European Union (EU) controllers and processors. This week, we focus on when non-EU … Continue Reading
Tuesday, December 4, is officially “E-Discovery Day” and Reed Smith is doing its part to participate. Join us as we host a free one–hour webinar: “Discovery crossfire: Debating the controversial issues in E-Discovery.” The program, scheduled for 12-1 p.m. ET, will feature debates on five controversial e-discovery issues: Obligations of employers to search employee personal … Continue Reading
The UK government has issued the Privacy and Electronic Communications Regulations (Amendment) 2018 (ePrivacy Regs), which comes into force on 17 December 2018. The ePrivacy Regs amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and modify the application of the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 and the … Continue Reading
On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). This is the first of two blogs on the guidelines. This blog considers the extra-territorial scope of the GDPR. Next week, we will consider the need for non-European Union … Continue Reading
On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading
