Archives: Regulatory


Children first: the ICO’s code for design standards in online services for children is one step closer to completion

Earlier this year, the Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online services (Code). The consultation closed on 31 May 2019 but the ICO has recently released an update on its progress in producing the Code. The finalised Code will be informed … Continue Reading

Berlin DPA announced high GDPR fines

Recently, the Berlin Data Protection Authority (Berlin DPA) announced that it would issue a high administrative fine for violations of the General Data Protection Regulation 2016/679 (GDPR). The announcement is available in German on the website of the City of Berlin. The fine will likely be a double-digit million amount of euros. The Berlin DPA … Continue Reading

New York enacts new security and identity theft protection laws in response to recent data breaches

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (S.5575B/A.5635), which significantly increases obligations for businesses handling private data to notify affected consumers upon experiencing a security breach. Additionally, Governor Cuomo signed the Identity Theft Prevention and Mitigating Services Act (A.2374/S.3582), requiring … Continue Reading

$5 billion Federal Trade Commission settlement with Facebook represents largest privacy enforcement penalty ever

The Federal Trade Commission’s (FTC) recent $5 billion settlement with Facebook is unprecedented in multiple respects: The $5 billion penalty represents the largest privacy and data security settlement in history – it is almost 20 times larger than the recent Equifax Inc. settlement and dwarfs recent EU data protection enforcement actions. As part of the … Continue Reading

U.S. Chamber of Commerce assembles key stakeholders to discuss data privacy

The U.S. Chamber of Commerce (the “Chamber”) recently hosted a data privacy summit, “#DataDoneRight”, which brought together a group of industry professionals, government stakeholders, and privacy thought leaders to talk about data privacy. The Chamber, which has proposed federal privacy legislation, engaged a wide variety of speakers, covering multiple viewpoints, to demonstrate the need for … Continue Reading

GA AG Carr talks data privacy at U.S. Chamber of Commerce

The U.S. Chamber of Commerce last week gathered a diverse, bipartisan group of policymakers, regulators, industry representatives and thought leaders to discuss all things data privacy at #DataDoneRight, its 2019 privacy summit. Topics included the California Consumer Privacy Act, the possibility of federal privacy legislation and working with privacy regulators, and the summit featured a … Continue Reading

Sense or censorship – the sequel. The Information Commissioner responds to the government’s online harms white paper

Avid readers of this blog (and we trust there are many of you!) will recall that the UK government recently published a white paper. The white paper sets out the UK government’s approach to regulating the internet to tackle online harms. The Information Commissioner’s Office (ICO) has just published the Information Commissioner’s (Commissioner) full response to … Continue Reading

State AGs continue to consider new ways to protect data privacy

As states’ “top cops,” one of the primary responsibilities of state attorneys general (AGs) is consumer protection, and more and more AGs are focusing on how to protect consumer data privacy. Discussions at the recent Conference of Western Attorneys General (“CWAG”) Annual Meeting in Santa Barbara reflect this focus and demonstrate that state enforcers are … Continue Reading

Not quite everything everywhere – ICO fines EE £100,000 for unsolicited text messages

The Information Commissioner’s Office (ICO) announced a £100,000 fine imposed on the telecoms company, EE Limited (EE), for breaching the Privacy and Electronic Communications Regulations 2003 (PECR). The timing of the breach meant that the General Data Protection Regulation 2016/679 (GDPR) was not applicable. What happened? EE sent customers a text message encouraging them to … Continue Reading

German Parliament voted ‘Yes’ to Second GDPR Implementation Act

In a late night session on 28 June 2019, the German Parliament (Bundestag) passed the Second GDPR Implementation Act (2. Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – 2. DSAnpUG-EU; the Act). The Act is available online in German here and here. For more information on the First German GDPR Implementation Act read our blog here. The Act will amend 154 German … Continue Reading

GDPR on its first birthday – people know what it is but aren’t sure what it does

Never one to miss a bandwagon, the European Commission has published three documents to mark the first year of GDPR: a Eurobarometer survey on data protection (Eurobarometer Survey); a multi-stakeholder expert group (MEG Report); and guidance on the free flow of non-personal data within the EU (reported on here). We set out some of the … Continue Reading

Not just any data, this is smart data – UK government consultation

Earlier this month, the UK government launched its Smart Data Consultation (Consultation). The Consultation follows the publication of the terms of reference which launched the smart data review late last year, and seeks input on proposals to: enable data-driven innovation in consumer markets; use data and technology to help vulnerable consumers; and ensure consumers and … Continue Reading

FTC and state law enforcement officials step up efforts against illegal telemarketing

The Federal Trade Commission (FTC) announced a joint state-and-federal initiative, “Operation Call It Quits,” which targets illegal telemarketing practices that violate the FTC’s Telemarketing Sales Rule (TSR). The TSR, which applies to interstate telephonic marketing communications intended to “induce the purchase of goods or services or a charitable contribution,” makes it illegal to engage in “abusive” acts and … Continue Reading

The ICO’s take on explaining AI

The Information Commissioner’s Office (ICO) and the Alan Turing Institute have recently released an interim report (Report) outlining their approach to best practices in explaining artificial intelligence (AI) to users. The Report is of particular relevance to operators of AI systems who may be considering their duties under the General Data Protection Regulation 2016/679 (GDPR). In … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Spring 2019 Edition)

The Spring 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on cookies and tracking tools, Facebook fan pages, fines under GDPR, influencer marketing, email encryption, platform provider obligations, framing, the new German Trade Secrets Act, and more. The newsletter also includes multiple … Continue Reading

EDPB completes guidelines on codes of conduct, certification and accreditation of certification bodies

At its eleventh plenary session on 4 June 2019 in Brussels, the European Data Protection Board (EDPB) adopted final versions of (1) the Guidelines 1/2019 on codes of conduct and monitoring bodies under Regulation 2016/679, (2) annex 2 to the Guidelines on certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 … Continue Reading

First sanction decision rendered by the CNIL regarding data breaches worth almost 1 per cent of the company’s yearly turnover: the era of tolerance seems to be over

In a new sanction decision issued on 28 May 2019, the French data protection authority Commission nationale de l’informatique et des libertés (CNIL) imposed a €400,000 fine on French property management company Sergic for failure to comply with its obligation to maintain the security of and to limit the storage of personal data. This … Continue Reading

60% of British adults and 80% of young teenagers suffered harm online in the last 12 months – the UK debate about the need to regulate the internet continues apace

Britain’s data protection and broadcasting regulators, the Information Commissioner’s Office and Ofcom, have published a joint Report looking into internet users’ concerns about online harms. The British government’s recently published White Paper, which outlined its approach for regulating the internet to tackle online harms, was informed by this Report. Methodology: Over 3,000 interviews were conducted … Continue Reading

Regulating UK digital services – the British government shares its thoughts

The UK government recently published its response (Government Response) to a House of Lords committee report (Committee Report) discussing prospective regulation of digital services facilitated by the internet. The Government Response largely accepts the key recommendations of the Committee Report, and finds the Committee Report is closely aligned with the government’s preferred approach. The Government … Continue Reading

UK Jurisdiction Taskforce consultation on cryptoassets, distributed ledger technology and smart contracts

The UK Jurisdiction Taskforce (UKJT) recently published a consultation paper requesting submissions from stakeholders working with, or interested in, cryptoassets, distributed ledger technology (DLT) and smart contracts. Submissions will inform a legal statement by UKJT which will aim to settle questions on the legal status of cryptoassets and smart contracts. UKJT is drawn from industry, … Continue Reading

One year of GDPR – lessons learned by the ICO

The Information Commissioner’s Office (ICO) has published its update reflecting on its GDPR experience over the past year and its upcoming priorities to stay relevant, foster innovation and maintain its position as an “influential regulator on the national and international stage”. Supporting the public, DPOs, SMEs and other organisations: The first year of the GDPR … Continue Reading

FCA and PRA jointly fine Raphaels Bank for outsourcing failure

R. Raphael & Sons plc (Raphaels) has received fines totalling £1,887,252 from the FCA and PRA for repeated failings in relation to inadequate systems and controls supporting the oversight and governance of its outsourcing arrangements. Raphaels outsourced certain functions that supported payment services for its prepaid and charge card programmes in the UK and Europe … Continue Reading