Archives: Regulatory

Subscribe to Regulatory RSS Feed

Government releases proposals to reform UK data protection laws

By Cynthia O’Donoghue, Sarah O'Brien and Asélle Ibraimova on Posted in Big Data, Data & Cyber Security, Global Data Transfers, Information Governance, Privacy & Data Protection, Regulatory
On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data … Continue Reading

ICO enforcement actions in Q1 2022

By Asélle Ibraimova and Angelika Bialowas on Posted in Privacy & Data Protection, Regulatory
In Q1 2022, the UK’s Information Commissioner’s Office (ICO) issued 26 enforcement actions. There were 15 monetary penalties issued, ranging between £2k – £200k, and 11 enforcement notices. The majority of the fines and enforcement notices related to unsolicited marketing activities, two related to data subject rights infringements, and one related to a failure to … Continue Reading

Only Sheriff in Town? Not so fast: National Association of Attorneys General announces the formation of the Center on Cyber and Technology.

By Divonne Smoyer, Roger Gibboni and Karim Alhassan on Posted in Regulatory
With the continued rapid growth of both technological innovations and the market power of the companies spurring these innovations, calls for greater regulation and enforcement of companies in the technology sector are only growing louder. However, the same question continues to be asked – “how can governments regulate businesses they don’t fully understand?”… Continue Reading

UK regulators publish two discussion papers on algorithmic systems

By Cynthia O’Donoghue, Sarah O'Brien and Yunzhe Zhang on Posted in Privacy & Data Protection, Regulatory
On 28 April 2022, the UK Digital Regulation Cooperation Forum (DRCF) published two discussion papers on the benefits and harms of algorithms and on the landscape of algorithmic auditing and the role of regulators, respectively. About DRCF The DRCF consists of four UK regulators: the Competition and Markets Authority, Ofcom, the Information Commissioner’s Office and … Continue Reading

SEC proposes cybersecurity rules for registered funds and investment advisers

By Gerard Stegmaier, Howard Womersley Smith, Kile Marks and Eric Manski on Posted in Data & Cyber Security, Regulatory
The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to: Maintain and implement cybersecurity policies and procedures; Adopt new recordkeeping standards; Report significant cybersecurity … Continue Reading

Additional cybersecurity measure proposed for CIP Reliability Standards

By Colette Honorable, Debra Ann Palmer, Bart Huffman, Wendell Bartnick and Christian Blair on Posted in Privacy & Data Protection, Regulatory
In response to recent cybersecurity incidents, the Federal Energy Regulatory Commission (FERC) has announced a Notice of Proposed Rulemaking (NOPR) that would task the North American Electric Reliability Corporation (NERC) to impose additional cybersecurity requirements on high-, medium-, and, potentially, low-impact bulk electric systems in its Critical Infrastructure Protection (CIP) Reliability Standards.… Continue Reading

German court prohibits U.S. data transfers in “Cookiebot” decision: Why this decision is special and should alert, but not upset your organization

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection, Regulatory
On December 1, 2021, in a much-noted decision, the Administrative Court of Wiesbaden (AC Wiesbaden) handed down a preliminary injunction dealing with international data transfers (case 6 L 738/21.WI, available in German here). In the specific case, there was no data transfer mechanism in place and thus the court ordered the defendant to stop using … Continue Reading

FTC significantly amends GLBA Safeguards Rule

By Gerard Stegmaier and Mark Quist on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
The Federal Trade Commission (FTC or Commission) has issued a final rule clarifying its data security requirements for certain covered financial institutions. The new rule, which amends the Safeguards Rule originally promulgated in 2002 under the Gramm-Leach-Bliley Act (GLBA), outlines specific criteria to be incorporated as part of GLBA-covered financial institutions’ information security programs. The … Continue Reading

FTC signals impending enforcement of its Health Breach Notification Rule

By Gerard Stegmaier, Wendell Bartnick, Haylie Treas, Catherine David and Ellen Pighini on Posted in Privacy & Data Protection, Regulatory
Last week, the Federal Trade Commission (FTC) announced in a Statement of the Commission On Breaches by Health Apps and Other Connected Devices (Policy Statement) that the FTC will begin enforcement of its Health Breach Notification Rule (Rule) issued in 2009. The Rule was issued by the FTC to regulate certain businesses that handle health … Continue Reading

Ohio Attorney General Yost discusses consumer protection and privacy laws

By Divonne Smoyer and Kile Marks on Posted in Privacy & Data Protection, Regulatory
In a recent Q&A with Ohio Attorney General (AG) Dave Yost published in the IAPP Privacy Advisor, the first term AG discusses how he continued Ohio’s role as a vigorous enforcer of consumer protection and privacy laws, with a lengthy track record of looking out for the needs of the government, business and consumers equally. … Continue Reading

California AG marks the one-year anniversary of the CCPA’s enforcement with new activities

By Sarah Bruno, Robert Newman, Gerard Stegmaier, Mark Quist, Casey Perrino and Hubert Zanczak on Posted in Privacy & Data Protection, Regulatory
In preparation for the California Privacy Rights Act (CPRA), effective January 1, 2023, the California AG Rob Bonta has been actively enforcing the California Consumer Privacy Act (CCPA) and providing updated guidance for consumers and businesses. The AG recently held a press conference to discuss enforcement proceedings brought by his office over the last year … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2021 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Intellectual Property, Privacy & Data Protection, Regulatory
The Summer 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Update on international data transfers State Labour Court of Baden-Württemberg: No claim for damages for transferring personal data to the United States on … Continue Reading

When are Reach Measurement Cookies exempt from the consent requirement?

By Dr. Andreas Splittgerber, Daniel Kadar, Laetitia Gaillard, Sven Schonhofen and Stéphanie Abdesselam on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Regulatory
After Germany became the last EU member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law, the use of cookies in the EU must meet one of the following requirements: The user’s consent, or The cookie must be strictly necessary in order to provide the service … Continue Reading

Here we go again – Unified Patent Court back on track

By Anette Gaertner, Alexander Klett, Thierry Lautier, Jonathan Radcliffe and Marianne Schaffner on Posted in Intellectual Property, Regulatory
The German Constitutional Court issued a landmark decision with implications for many companies doing business in Europe on July 9, 2021. For decades, the European Commission and EU member states strived to create a pan-European Unified Patent Court (UPC). After overcoming many hurdles, any sensible commentator will be cautious in making statements about the future … Continue Reading

Tune in for the latest updates on our Tech Law Talks podcast

By Sarah Bruno, Therese Craparo, Anthony Diana, Jason Gordon, Cynthia O’Donoghue, Dr. Andreas Splittgerber, Catherine Castaldo and Asélle Ibraimova on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day. What’s new in data protection in the EU It has been a busy few weeks in the EU for all things data … Continue Reading

EU: New hate speech rules for social networks in the European Union

By Dr. Andreas Splittgerber and Caroline Walz on Posted in Privacy & Data Protection, Regulatory
There is news for social media network providers operating in the European Union regarding prevention of hate speech and crimes:  Austria enacted a law against hate and crime on social networks, the Communication Platform Act (KoPl-G). Following the German Network Enforcement Act (NetzDG), both laws are intended to make the deletion procedure simpler, more transparent … Continue Reading

Significant privacy enforcement and rulemaking authority granted to Attorney General under Colorado’s Privacy Law

By Sarah Bruno, Karen Lee Lust, Divonne Smoyer, Wendell Bartnick and Hubert Zanczak on Posted in Privacy & Data Protection, Regulatory
Colorado’s recently passed privacy act, the Colorado Privacy Act (CPA), is scheduled to take effect on July 1, 2023, if signed into law by Governor Jared Polis. While the CPA is a comprehensive privacy act which provides certain rights to consumers regarding their personal data, it does not include a private right of action. It … Continue Reading

German federal parliament updates Patents Act

By Anette Gaertner and Alexander Klett on Posted in Intellectual Property, Regulatory
Germany is among the world’s leading patent jurisdictions. However, several years after the implementation of the EU Enforcement Directive, the government felt that the Patents Act (PatG) needed updating. Following lengthy consultations and many changes, the reform bill passed the German federal parliament (Bundestag) very early this morning (June 11, 2021). The second chamber of … Continue Reading

U.S. Department of Labor issues cybersecurity guidance for protecting ERISA-covered plan data

By Bart Huffman, Jenni Krengel, Wendell Bartnick and Haylie Treas on Posted in Data & Cyber Security, Regulatory
The U.S. Department of Labor (DOL) announced in April new cybersecurity guidance (the Guidance) for protecting ERISA-covered plan data from internal and external cybersecurity threats. This Guidance is the first of its kind from the DOL and supplements DOL regulations that govern electronic records and disclosures to plan participants and beneficiaries. The Guidance recognizes that … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Spring 2021 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in In the Courts, Intellectual Property, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: New cookie rules in Germany will apply as of December 1, 2021 German data protection authorities conduct coordinated audits on international data transfers … Continue Reading

Get the latest updates on our Tech Law Talks podcast

By Sarah Bruno, Anthony Diana, LiLing Poh, Dr. Andreas Splittgerber, Catherine Castaldo, Ramona Kimmich, Christian Leuthner and Trevor Satnick on Posted in Cookies, Tracking & Online Behavioral Advertising, Data & Cyber Security, Privacy & Data Protection, Regulatory
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading

Executive Order for cybersecurity creates new requirements for government contractors

By Leigh T. Hansson, Gregor Pryor, Gerard Stegmaier, Liza Craig, William Kirkwood and Joshuah Turner on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
In response to a number of recent high-profile cyber attacks aimed at federal agencies, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity (EO) on May 12, 2021. The EO which created a new Cyber Safety Review Board to review major cyber incidents and requires information and communications technology (ICT) service providers entering into contracts … Continue Reading

NICE AI: A health data opportunity

By Cynthia O’Donoghue on Posted in Privacy & Data Protection, Regulatory
The UK National Institute for Health and Care Excellence (NICE), along with the Care Quality Commission (CQC), Health Research Authority (HRA) and Medicines and Healthcare products Regulatory Agency (MHRA) have partnered to promote the use of artificial intelligence (AI) in health and care. The agencies are calling this initiative the “Multi-Agency Advisory Service for AI … Continue Reading
LexBlog