Archives: Regulatory

Subscribe to Regulatory RSS Feed

Rise of AI poses new regulatory challenges

Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14,  the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading

UK government introduces Data Retention and Acquisition Regulations 2018

The Data Retention and Acquisition Regulations 2018 (the regulations) entered into force on 31 October 2018. The regulations concern the retention of communications data by telecommunications and postal operators and the acquisition of communications data by public authorities. “Communications data” means data concerning a communication transmission, but not the content of the communication. For example, … Continue Reading

Federal Court deals SEC a setback in Blockvest ICO litigation

On November 28, 2018, the U.S. Securities and Exchange Commission’s (SEC) request for a preliminary injunction against Defendants Blockvest, LLC (Blockvest) and Blockvest’s founder and chairman Reginald Buddy Ringgold, III (Ringgold) was denied by United States District Court for the Southern District of California. Blockvest and Ringgold were offering and selling unregistered securities in the … Continue Reading

Regulating the tech giants

“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Officer (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

SEC settles two ICO enforcement actions

The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital … Continue Reading

German State Media Authorities issue new guidance paper on marking adverts on social media

Recently, the German media regulators, the State Media Authorities (Landesmedienanstalten), issued a joint guidance paper on marking adverts on social media, which is available in German language here (Leitfaden der Medienanstalten, Werbekennzeichnung bei Social Media-Angeboten; “Guidance Paper”). The Guidance Paper replaces the State Media Authorities’ earlier FAQs. It is intended to help organisations and individuals … Continue Reading

ICC updates marketing and advertising code to account for the digital world

The International Chamber of Commerce (ICC) has revised its code of conduct for advertising and marketing (the ICC code) to keep up with the “rapid evolution of technology and technologically-enhanced marketing communications and techniques”. The revised ICC code considers emerging digital marketing and advertising practices, in order to set a “gold standard for modern rule-making … Continue Reading

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading

ICO publishes security guidance on encryption and passwords

Earlier this month, the Information Commissioner’s Office (ICO) published security guidance in its guide to the General Data Protection Regulation (GDPR). The guidance focuses specifically on encryption and passwords. It suggests points to be considered during implementation and offers some helpful “dos and don’ts”. Encryption Article 32 of the GDPR specifies encryption as an example of … Continue Reading

Tesco Bank fined £16.4 million for cyber-security failings

The UK Financial Conduct Authority (FCA) announced at the start of last month that it had fined Tesco Bank £16.4 million for a cyber-attack that occurred two years ago. In November 2016, 8,261 personal current accounts at Tesco Bank were compromised. Attackers obtained customers’ debit card details and entered into thousands of unauthorised transactions. This … Continue Reading

The dawn of crypto-asset regulation

Last month (September 2018), the House of Commons Treasury Committee issued a report on its inquiry into the regulation of crypto-assets. The inquiry examined, amongst other subjects, the role of digital currencies in the UK; the impact of distributed ledger (blockchain) technology; and how these should be regulated. The report recommends improvements to consumer and … Continue Reading

Singapore data protection commission fines carpooling service and LAN gaming centre

Two businesses have been fined a total of S$13,000 for breaching Singapore’s data protection law. GrabCar Facts The first decision involved a carpooling service operated by GrabCar through an app. Twenty drivers had their accounts suspended for flouting usage rules for the platform. They were allowed to submit an appeal, by filling a Google form … Continue Reading

An interview with North Carolina AG Josh Stein

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

Southeast Asian nations to form regional framework for cybersecurity cooperation

The Association of Southeast Asian Nations (ASEAN) announced last week that it will create a rules-based framework for its 10 member states to cooperate on cybersecurity matters. The 10 ASEAN members are Singapore (which is the chair for ASEAN this year), Malaysia, Indonesia, the Philippines, Thailand, Vietnam, Brunei, Myanmar, Laos and Cambodia. Singapore is expected … Continue Reading

September 4, 2018: NYDFS Cybersecurity Regulation Compliance date arrives

As of today, Covered Entities are expected to be compliant with additional provisions under the New York State Department of Financial Services (NYDFS) cybersecurity regulation. A “Covered Entity” is any individual or non-governmental entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, … Continue Reading

AGs emphasize consumer protection and privacy expertise in FTC comments

The Federal Trade Commission (FTC) will be holding a series of hearings this fall on “Competition and Consumer Protection in the 21st Century,” with the goal of reflecting on the agency’s powers, and state attorneys general (AGs) want to make sure their voices are heard. A bipartisan group of 29 state AGs filed comments with … Continue Reading

Proposed amendments to the ePrivacy Regulation

On 10 July 2018, the Council of the European Union has published a draft of revisions to the proposed ePrivacy Regulation (ePR). The ePR is likely to come into force in 2019. The ePR will repeal and replace the Privacy and Electronic Communications Directive 2002/58/EC. The ePR will align Europe’s ePrivacy regime more closely with … Continue Reading

EU to create a cybersecurity certification framework

To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text. One of the effects of the Proposal is … Continue Reading

ICO publishes its 2017/2018 Annual Report

The Information Commissioner’s Office (‘ICO’) has published its 2017/2018 Annual Report, covering the 12 months leading up to 31 March 2018. The report is the ICO’s annual report to Parliament as required by the Data Protection Act 1998 (‘DPA’), and outlines the achievements and work of the ICO. Among the findings reported are the number … Continue Reading

ICO issues guidance on hiring and supporting DPOs

The UK Information Commissioner’s Office (ICO) has issued a resource for organizations to utilise when hiring and structuring the roles of data protection officers (DPO) under the General Data Protection Regulation (GDPR). This blog summarises several key elements of these resources. DPO checklist The checklist contains four sections which include: Appointing a DPO – across … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

Data Protection Act 2018 comes into force

On 23 May 2018, the Data Protection Act 2018 (DPA) received royal assent and became UK law. The DPA implements the EU’s General Data Protection Regulation (GDPR), while providing for certain permitted derogations, additions and UK-specific provisions. The DPA: Repeals and replaces the previous Data Protection Act 1998 (the 1998 Act) as the primary piece … Continue Reading
LexBlog