Archives: Regulatory

Subscribe to Regulatory RSS Feed

Is the third time the charm for the Washington Privacy Act?

On September 9, Senator Reuven Carlyle (D-WA) presented an updated draft of the Washington Privacy Act (WPA), suggesting that the WPA will be up for consideration in Washington State’s 2021 legislative session. The next legislative session is scheduled to convene on January 11, 2021, at which point the fate of the WPA will again be in the … Continue Reading

Singapore’s amended Personal Data Protection Act to come into force before year end

The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020 The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory … Continue Reading

First official guidance on international data transfers post Schrems II – German data protection authority publishes checklist and action items on international data transfers

The German data protection authority of the federal state of Baden-Württemberg (LfDI BW) has issued detailed guidance (Guidance) on international data transfers this August and September. This is the first official guidance by a data protection authority following the decision of the Court of Justice of the European Union (CJEU) in the Schrems II case … Continue Reading

The Law Commission is looking at smart contracts and digital assets: Is the law ready?

Smart contracts and digital assets are becoming increasingly common in a variety of industries. Nevertheless, is the law ready for them? Following the publication of the Legal statement on the status of cryptoassets and smart contracts by the LawTech Delivery Panel, the Law Commission has launched two projects to analyse how English law can be reformed … Continue Reading

Federal judge dismisses data-related antitrust claims in hiQ Labs, Inc. v. LinkedIn Corp.

On September 9, a federal judge in California dismissed claims brought by hiQ Labs, Inc. (hiQ) against LinkedIn Corp. (LinkedIn) that alleged that LinkedIn’s attempts to prevent hiQ from accessing public information on its website violated various antitrust laws. In an opinion that will continue to fuel debate over the relationship between antitrust and privacy, … Continue Reading

Illinois Attorney General Kwame Raoul talks to Reed Smith about consumer privacy, biometrics, and data breaches

In a recent Q&A with Illinois Attorney General Kwame Raoul, the first term AG discusses potential changes to data breach laws in Illinois and whether his state could implement a privacy statue similar to the California Consumer Privacy Act (CCPA), the effectiveness of federal data breach legislation, and reasonable steps that businesses could take to … Continue Reading

New DIFC Data Protection Law on the way…Are you ready?

The Dubai International Financial Centre (DIFC) enacted the DIFC Data Protection Law No. 5 of 2020 (the DP Law) July 1, 2020. The DP Law has been designed primarily to bring DIFC’s data protection legal regime in line with international best practices in data privacy laws, in particular the General Data Protection Regulation (GDPR), which … Continue Reading

Customs surveillance of IP rights update from a French perspective

An Economic Operator Registration and Identification (EORI) number, which is used to identify each economic operator in relation to its dealings with EU Customs authorities, will become mandatory for the filing, modification and extension of applications for action, which allow Customs authorities to enforce the customs surveillance of intellectual property rights within the EU on … Continue Reading

Implications for your business due to U.S. Executive Order on WeChat

Michael R. Pompeo, the U.S. Secretary of State, announced the “Clean Network Program” which aims to ban the so-called “untrusted” carriers, applications, mobile application stores, cloud service providers, operators of undersea cables connecting the United States and the global internet on August 5, 2020. Companies that are involved in these businesses, or entities that transact … Continue Reading

Legal framework for influencers in Germany, the United Kingdom and the United States

The COVID-19 pandemic has hit the brand ambassador and influencer industry in different ways. Social media engagement is up. Screen times have increased. Advertising campaigns of brand ambassadors for organizations and influencers might have been adjusted. Self-quarantining audiences have different demands. With the strong trust from their followers, influencers on social media channels such as … Continue Reading

Monetary Authority of Singapore publishes a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector”

The Monetary Authority of Singapore (MAS) published a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector” (the CP) on July 21, 2020. The CP sets out proposals relating to the expansion of supervisory powers by the MAS in a range of important areas, including (among others) additional powers to take enforcement … Continue Reading

Highest German Court invalidates Section 113 of the German Telecommunications Act and abandons service providers’ obligation to grant authorities access to subscriber data

On May 27, 2020, the German Federal Constitutional Court invalidated section 113 of the German Telecommunications Act (TKG) and several accompanying federal law provisions for non-compliance with the German Constitution (case nos. 1 BvR 1873/13 and 1 BvR 2618/13). On July 17, 2020, the Federal Constitutional Court published the fully reasoned judgment as well as a press release outlining the … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2020 Edition)

The Summer 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Access rights vs. data backup Cookie update: Planet49 and cookie walls Double opt-in required under GDPR Update on influencer advertisement German Supreme Court: … Continue Reading

CCPA enforcement letters sent; Supervising Deputy Attorney General offers insight

Although the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, the California Attorney General (AG) was not authorized to begin enforcement until July 1, 2020.  With the pandemic and the delay in finalizing the regulations, it was unclear how or when AG enforcement would begin.  Any such confusion can be dispelled, … Continue Reading

Changes coming to Singapore’s data protection law

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA). On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA. The proposed changes are significant. Key … Continue Reading

Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong. In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 … Continue Reading

Cybersecurity Maturity Model Certification: New requirements in the near future

Beginning in November 2020, the Department of Defense (DoD) has confirmed that new solicitations will include the new Cybersecurity Maturity Model Certification (CMMC). Despite the impact of COVID-19, this confirmation indicates that the DoD is intent upon ensuring the protection of certain critical information and shoring up protection of its critical networks and supply chain. … Continue Reading

Singapore launches national e-commerce standard

On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore. Technical Reference 76 serves as a practical reference for … Continue Reading

Encryption of emails containing personal data – the German supervisory authorities issue guidance

On 26 May 2020, the German Data Protection Authorities (German DPAs) issued guidelines on measures to protect personal data transferred via email (Guidelines; available in Germen here). The Guidelines outline requirements for procedures to send and receive emails that must be met by data controllers, data processors and public email service providers (Email Service Providers) … Continue Reading

The power of AI: How it can combat new issues raised by the novel coronavirus (COVID-19)

Artificial intelligence, or AI, has the ability to process large sets of data. The term “AI” describes algorithms that can be taught to identify patterns or predict outcomes. If the algorithm is primed with a teaching set of data, then it can evaluate new sets of data based on the desired outcome. AI has been … Continue Reading

EDPB publishes opinions on draft decisions of Data Protection Authorities on the accreditation of certification bodies and code of conduct monitoring bodies

On 25 May 2020, the European Data Protection Board (EDPB) issued its opinions on draft decisions of certain national supervisory authorities on certification and code of conduct monitoring bodies’ accreditation requirements. This includes opinions on the draft decisions from supervisory authorities in: Finland, Germany, Ireland, and Italy, on the approval of the requirements for accreditation … Continue Reading

Important signals for national advertisers concerning FTC priorities and enforcement trends

In April, the Federal Trade Commission settled charges against Progressive Leasing, a company that markets virtual rent-to-own payment plans to retail stores nationwide. Unlike traditional rent-to-own companies, Progressive does not operate its own brick-and-mortar stores. Instead, Progressive markets its rent-to-own payment plans to consumers who shop at certain retail stores or websites, primarily those in … Continue Reading

Belgian DPA fines company €50,000 for appointing DPO with conflicting role

On 28 April 2020, the Belgian data protection authority (DPA) fined a company €50,000 for having appointed its head of compliance, risk and audit as its data protection officer (DPO). The DPA’s decision is only available in Dutch (here) and in French (here). What was the breach? The reason for the fine was not that the DPO had … Continue Reading
LexBlog