The European Union Agency for Cybersecurity (ENISA) has been supporting the European Union (EU) Member States in developing, implementing and evaluating their cyber security strategies. Since 2012 and as part of this support, ENISA has been developing tools, studies and guidelines to help EU Member States build on their national cyber security strategies. The latest … Continue Reading
Last week (28 November 2019), the European Banking Authority (EBA) released the final version of its report entitled ‘EBA Guidelines on ICT and security risk management’ (the Guidelines) (link here) on the mitigation and management of financial institutions’ (FIs) information and communication technology (ICT) and security risks. We highlight below some of the key takeaways. … Continue Reading
On 14 November 2019, the Information Commissioner’s Office (ICO) published guidance (link here for organisations that process special category personal data (the Guidance). Previously, organisations tended to focus only on GDPR article 9 processing bases when processing special category personal data. Following this update from the ICO, organisations are reminded that they must have both … Continue Reading
On 19 November 2019, the Basel Committee on Banking Supervision (BCBS) published its report on open banking and its implications for banks and banking supervision. The report builds on the BCBS’ previous findings on open banking and application programming interfaces (APIs) in its 2018 report (“Sound practices on the implications of FinTech developments for banks … Continue Reading
On 12 November 2019, at its 15th plenary meeting, the European Data Protection Board (EDPB) adopted final guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines) following public consultation. We have previously considered the draft guidelines on our blog. The first of the two blogs considered the extra-territorial scope of … Continue Reading
The Lower Saxony Data Protection Authority (Lower Saxony DPA) has audited 50 large and medium-sized organizations on their implementation of the requirements of the GDPR since June 2018. On November 5, 2019, the Lower Saxony DPA released a report summarizing its findings (Report; available in German here). Summary of findings in the Report We previously reported … Continue Reading
On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act. Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to: (a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ … Continue Reading
On 23 October 2019, the European Commission (the Commission) released its report on the third annual review of the functioning of the EU–U.S. Privacy Shield (Privacy Shield). The report summarises various improvements in the functioning of the framework, and further ‘concrete steps’ that need to be taken to ensure its continued effectiveness. Background The Commission’s … Continue Reading
In March 2019, the Information Commissioner’s Office (ICO) released a Call for Input on developing the ICO’s framework for artificial intelligence (AI). The ICO simultaneously launched its AI Auditing Framework blog to provide updates on the development of the framework and encourage organisations to engage on this topic with the ICO. On 23 October 2019, … Continue Reading
In July 2019, the UK’s Financial Conduct Authority (FCA) held a week-long Global Anti-Money Laundering and Financial Crime TechSprint (FCA TechSprint) event. The FCA TechSprint looked at ways to effectively combat financial crime and money laundering within the financial services industry. On 16 October 2019, the Information Commissioner’s Office (ICO) released a blog (here) that … Continue Reading
Given the vast challenges California’s sweeping new privacy law, the California Consumer Privacy Act (CCPA), poses for digital marketing, the Interactive Advertising Bureau (IAB) released for public comment a draft of its proposed Compliance Framework for Publishers & Technology Companies (the Framework) on October 22. “Selling” and CCPA challenges for digital. Those who have been … Continue Reading
On October 10th, the Attorney General of California, Xavier Becerra, delivered the highly anticipated text of the proposed California Consumer Privacy Act (CCPA) regulations. However, untouched and unexplained were the Health Insurance Portability and Accountability Act, California Medical Information Act, and clinical research exemptions. The industry has and will continue to grapple with these exemptions, which … Continue Reading
Over the past several years, legislators from coast to coast have increasingly made data privacy and cybersecurity top priorities. The result has been a spike in the number and stringency of laws that impose proactive and reactive responsibilities – covering, for instance, data security and breach notifications – on companies that collect personal information, whether … Continue Reading
The General Data Protection Regulation (GDPR) has prompted a series of legislative proposals in Latin American countries to update data protection regulations, many of which reflect the higher standards of the GDPR. With a large number of European and U.S. companies operating in the region, we look at some of the latest developments below. Argentina … Continue Reading
The European Data Protection Board (EDPB) met for its fourteenth plenary session on 8 and 9 October 2019. One of the key developments was the adoption of the final version of its guidelines on the contractual lawful basis for the processing of personal data in the context of online services under Article 6(1)(b) of the … Continue Reading
After a month of rumors, uncertainty, and German data protection authorities being nontransparent, the German conference of data protection authorities (Datenschutzkonferenz, DSK) published the concept for calculating administrative fines for data protection violations (Concept, available here) on October 16, 2019. The Concept sets out a standardized approach regarding the calculation of administrative fines in accordance … Continue Reading
The Office of Administrative Law approved an adjustment to the covered electronic waste (CEW) recycling fee for covered electronic devices (CED) on October 8, 2019. When a California consumer buys a CED – generally, any video display device with a screen larger than four inches – from a retailer, a CEW recycling fee is assessed. … Continue Reading
On October 10, 2019, California Attorney General Xavier Becerra issued proposed regulations implementing and interpreting the California Consumer Privacy Act (CCPA). The draft regulations address privacy policies, consumer notices, practices for handling consumer requests, ways to verify consumer requests, requirements regarding minors, and rules governing nondiscrimination practices. The regulations are currently in draft form, with … Continue Reading
The long-running e-Privacy Regulation saga continues. On 18 September 2019, the Council of the European Union (the Council) released proposed amendments to the draft regulation. We take a look at some of the proposals. Proposals The draft e-Privacy Regulation will replace the current Directive 2002/58/EC to “reinforce trust and security in the Digital Single Market”. … Continue Reading
Another potentially groundbreaking California ballot initiative has been announced, just as companies began to digest and incorporate the amendments to the California Consumer Privacy Act (CCPA) into their compliance plans and learned the draft CCPA regulations will be issued by the California Attorney General in October. Last week, the primary advocate for and co-architect of … Continue Reading
On 9 September 2019, the German Federal Ministry of Economic Cooperation and Development (Bundesministerium für wirtschaftliche Zusammenarbeit und Entwicklung – BMZ) introduced a new, state-regulated environmental label for “Green Button” (Grüner Knopf) certified textiles with a press release, available here. The BMZ also launched the official Green Button website, which is available in German at http://www.gruener-knopf.de/. … Continue Reading
Late last week, the California legislature approved five bills intended to clarify the scope and required compliance obligations of the California Consumer Privacy Act (CCPA or the Act). Organizations now have just over three months to determine whether they need to comply with the newly amended CCPA, assess what their obligations are, and implement the … Continue Reading
The Summer 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: ECJ and GDPR: Another decision hitting social media activities by companies EDPB does not opt for changes to EU standard contractual clauses EU … Continue Reading
Robocalls: everyone receives one or two, but more likely dozens. While some are helpful, most are annoying, and the worst can result in financial fraud. While the FCC and Congress have been taking steps toward addressing the issue, state attorneys general (AGs) have taken the first major action to end unwanted robocalls. On August 22, AGs … Continue Reading
