Archives: Regulatory

Subscribe to Regulatory RSS Feed

Risks and considerations when storing crypto-assets

Following the sudden death of its co-founder and CEO, Gerald Cotten, in December 2018, Quadriga, Canada’s largest cryptocurrency exchange, is unable to gain access to about $145 million of bitcoin and other digital assets. Quadriga reports that Cotton stored the digital assets in a “cold wallet” on his encrypted laptop and repeated attempts by his … Continue Reading

Comprehensive data privacy legislation introduced in Massachusetts – includes private right of action without a need to prove harm

Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading

German supervisory authority audited 40 websites on the use of tracking tools – and none of them was compliant

The Bavarian Data Protection Authority (‘Bavarian DPA’) audited major Bavarian websites for their use of tracking tools on Safer Internet Day. It calls its findings “desolate”. None of the tracking tools were implemented in a compliant manner. Audit by the Bavarian DPA Tracking and the requirements for using cookies have been a highly debated topic … Continue Reading

Singapore announces series of initiatives to boost cybersecurity in the telecoms sector

Singapore has set up a new Telecom Cybersecurity Strategic Committee (TCSC) to develop a plan to tackle ‘next-generation cyber threats’ in the telecommunications sector. The committee is expected to publish a strategy report and outline a roadmap for telecommunications operators to develop cybersecurity capabilities later in 2019. The report and roadmap will include recommendations for … Continue Reading

First sanction decision rendered by the CNIL under the GDPR: GDPR awareness 2.0 has begun

In an interview dated February 2018,[1] Isabelle Falque-Pierrotin, at the Head of the French data protection authority (CNIL), stated that the CNIL would adopt a flexible and pragmatic approach from May 2018 onwards when controlling compliance with data protection requirements. The first decision of sanction rendered by the CNIL on Monday January 21, 2019, which … Continue Reading

Data brokers begin 2019 with new Vermont law

A new Vermont law enforcing data security and annual disclosure obligations on data brokerage companies (e.g., Acxiom, Experian, Epsilon) came into effect on January 1, 2019.  Data brokers are required to register annually with the Vermont Attorney General and pay an annual registration fee.  Annually, data brokers must release information regarding practices related to the … Continue Reading

London as the capital of FinTech

London has historically been considered the centre of European financial services. Now it is also viewed as the capital of financial technology (FinTech). However, with the likelihood of a no-deal Brexit becoming ever more real, and increasing attempts to lure FinTech firms to the continent, London’s title is under threat. London provides a haven where … Continue Reading

Rise of AI poses new regulatory challenges

Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14,  the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading

UK government introduces Data Retention and Acquisition Regulations 2018

The Data Retention and Acquisition Regulations 2018 (the regulations) entered into force on 31 October 2018. The regulations concern the retention of communications data by telecommunications and postal operators and the acquisition of communications data by public authorities. “Communications data” means data concerning a communication transmission, but not the content of the communication. For example, … Continue Reading

Federal Court deals SEC a setback in Blockvest ICO litigation

On November 28, 2018, the U.S. Securities and Exchange Commission’s (SEC) request for a preliminary injunction against Defendants Blockvest, LLC (Blockvest) and Blockvest’s founder and chairman Reginald Buddy Ringgold, III (Ringgold) was denied by United States District Court for the Southern District of California. Blockvest and Ringgold were offering and selling unregistered securities in the … Continue Reading

Regulating the tech giants

“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Officer (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

SEC settles two ICO enforcement actions

The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital … Continue Reading

German State Media Authorities issue new guidance paper on marking adverts on social media

Recently, the German media regulators, the State Media Authorities (Landesmedienanstalten), issued a joint guidance paper on marking adverts on social media, which is available in German language here (Leitfaden der Medienanstalten, Werbekennzeichnung bei Social Media-Angeboten; “Guidance Paper”). The Guidance Paper replaces the State Media Authorities’ earlier FAQs. It is intended to help organisations and individuals … Continue Reading

ICC updates marketing and advertising code to account for the digital world

The International Chamber of Commerce (ICC) has revised its code of conduct for advertising and marketing (the ICC code) to keep up with the “rapid evolution of technology and technologically-enhanced marketing communications and techniques”. The revised ICC code considers emerging digital marketing and advertising practices, in order to set a “gold standard for modern rule-making … Continue Reading

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading

ICO publishes security guidance on encryption and passwords

Earlier this month, the Information Commissioner’s Office (ICO) published security guidance in its guide to the General Data Protection Regulation (GDPR). The guidance focuses specifically on encryption and passwords. It suggests points to be considered during implementation and offers some helpful “dos and don’ts”. Encryption Article 32 of the GDPR specifies encryption as an example of … Continue Reading

Tesco Bank fined £16.4 million for cyber-security failings

The UK Financial Conduct Authority (FCA) announced at the start of last month that it had fined Tesco Bank £16.4 million for a cyber-attack that occurred two years ago. In November 2016, 8,261 personal current accounts at Tesco Bank were compromised. Attackers obtained customers’ debit card details and entered into thousands of unauthorised transactions. This … Continue Reading

The dawn of crypto-asset regulation

Last month (September 2018), the House of Commons Treasury Committee issued a report on its inquiry into the regulation of crypto-assets. The inquiry examined, amongst other subjects, the role of digital currencies in the UK; the impact of distributed ledger (blockchain) technology; and how these should be regulated. The report recommends improvements to consumer and … Continue Reading

Singapore data protection commission fines carpooling service and LAN gaming centre

Two businesses have been fined a total of S$13,000 for breaching Singapore’s data protection law. GrabCar Facts The first decision involved a carpooling service operated by GrabCar through an app. Twenty drivers had their accounts suspended for flouting usage rules for the platform. They were allowed to submit an appeal, by filling a Google form … Continue Reading

An interview with North Carolina AG Josh Stein

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

Southeast Asian nations to form regional framework for cybersecurity cooperation

The Association of Southeast Asian Nations (ASEAN) announced last week that it will create a rules-based framework for its 10 member states to cooperate on cybersecurity matters. The 10 ASEAN members are Singapore (which is the chair for ASEAN this year), Malaysia, Indonesia, the Philippines, Thailand, Vietnam, Brunei, Myanmar, Laos and Cambodia. Singapore is expected … Continue Reading
LexBlog