Archives: Regulatory

Subscribe to Regulatory RSS Feed

Comprehensive data privacy legislation introduced in Massachusetts – includes private right of action without a need to prove harm

By Mark Quist on Posted in Privacy & Data Protection, Regulatory
Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading

German supervisory authority audited 40 websites on the use of tracking tools – and none of them was compliant

By Dr. Philipp Süss, Dr. Thomas Fischl, Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Bavarian Data Protection Authority (‘Bavarian DPA’) audited major Bavarian websites for their use of tracking tools on Safer Internet Day. It calls its findings “desolate”. None of the tracking tools were implemented in a compliant manner. Audit by the Bavarian DPA Tracking and the requirements for using cookies have been a highly debated topic … Continue Reading

Singapore announces series of initiatives to boost cybersecurity in the telecoms sector

By Charmian Aw on Posted in Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
Singapore has set up a new Telecom Cybersecurity Strategic Committee (TCSC) to develop a plan to tackle ‘next-generation cyber threats’ in the telecommunications sector. The committee is expected to publish a strategy report and outline a roadmap for telecommunications operators to develop cybersecurity capabilities later in 2019. The report and roadmap will include recommendations for … Continue Reading

First sanction decision rendered by the CNIL under the GDPR: GDPR awareness 2.0 has begun

By Daniel Kadar and Laetitia Gaillard on Posted in Big Data, Cookies, Tracking & Online Behavioral Advertising, Global Data Transfers, Privacy & Data Protection, Regulatory
In an interview dated February 2018,[1] Isabelle Falque-Pierrotin, at the Head of the French data protection authority (CNIL), stated that the CNIL would adopt a flexible and pragmatic approach from May 2018 onwards when controlling compliance with data protection requirements. The first decision of sanction rendered by the CNIL on Monday January 21, 2019, which … Continue Reading

Data brokers begin 2019 with new Vermont law

By Jason Gordon and Jillian Petrera on Posted in Regulatory
A new Vermont law enforcing data security and annual disclosure obligations on data brokerage companies (e.g., Acxiom, Experian, Epsilon) came into effect on January 1, 2019.  Data brokers are required to register annually with the Vermont Attorney General and pay an annual registration fee.  Annually, data brokers must release information regarding practices related to the … Continue Reading

London as the capital of FinTech

By Howard Womersley Smith on Posted in Privacy & Data Protection, Regulatory
London has historically been considered the centre of European financial services. Now it is also viewed as the capital of financial technology (FinTech). However, with the likelihood of a no-deal Brexit becoming ever more real, and increasing attempts to lure FinTech firms to the continent, London’s title is under threat. London provides a haven where … Continue Reading

Rise of AI poses new regulatory challenges

By Jennifer Driscoll, John P. Feldman and Karl Herrmann on Posted in Regulatory
Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14,  the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading

UK government introduces Data Retention and Acquisition Regulations 2018

By Cynthia O’Donoghue and Katalina Bateman on Posted in Regulatory
The Data Retention and Acquisition Regulations 2018 (the regulations) entered into force on 31 October 2018. The regulations concern the retention of communications data by telecommunications and postal operators and the acquisition of communications data by public authorities. “Communications data” means data concerning a communication transmission, but not the content of the communication. For example, … Continue Reading

Federal Court deals SEC a setback in Blockvest ICO litigation

By C. Neil Gray, Herbert Kozlov and Jessica R. Stumacher on Posted in Regulatory
On November 28, 2018, the U.S. Securities and Exchange Commission’s (SEC) request for a preliminary injunction against Defendants Blockvest, LLC (Blockvest) and Blockvest’s founder and chairman Reginald Buddy Ringgold, III (Ringgold) was denied by United States District Court for the Southern District of California. Blockvest and Ringgold were offering and selling unregistered securities in the … Continue Reading

Regulating the tech giants

By Cynthia O’Donoghue and Eleanor Brooks on Posted in Regulatory
“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Officer (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

By Samuel F. Cullari and Jim Barbuto on Posted in Privacy & Data Protection, Regulatory
On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

SEC settles two ICO enforcement actions

By C. Neil Gray, Herbert Kozlov and Maxwell J. Eichenberger on Posted in Regulatory
The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital … Continue Reading

German State Media Authorities issue new guidance paper on marking adverts on social media

By Dr. Philipp Süss, Dr. Alexander Hardinghaus and Ramona Kimmich on Posted in Cookies, Tracking & Online Behavioral Advertising, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
Recently, the German media regulators, the State Media Authorities (Landesmedienanstalten), issued a joint guidance paper on marking adverts on social media, which is available in German language here (Leitfaden der Medienanstalten, Werbekennzeichnung bei Social Media-Angeboten; “Guidance Paper”). The Guidance Paper replaces the State Media Authorities’ earlier FAQs. It is intended to help organisations and individuals … Continue Reading

ICC updates marketing and advertising code to account for the digital world

By Cynthia O’Donoghue, Howard Womersley Smith and Karen Lee Lust on Posted in Regulatory
The International Chamber of Commerce (ICC) has revised its code of conduct for advertising and marketing (the ICC code) to keep up with the “rapid evolution of technology and technologically-enhanced marketing communications and techniques”. The revised ICC code considers emerging digital marketing and advertising practices, in order to set a “gold standard for modern rule-making … Continue Reading

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

By Jennifer Achilles and Jim Barbuto on Posted in Data & Cyber Security, Regulatory
In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading

ICO publishes security guidance on encryption and passwords

By Cynthia O’Donoghue and Eleanor Brooks on Posted in Regulatory
Earlier this month, the Information Commissioner’s Office (ICO) published security guidance in its guide to the General Data Protection Regulation (GDPR). The guidance focuses specifically on encryption and passwords. It suggests points to be considered during implementation and offers some helpful “dos and don’ts”. Encryption Article 32 of the GDPR specifies encryption as an example of … Continue Reading

Tesco Bank fined £16.4 million for cyber-security failings

By Howard Womersley Smith on Posted in Regulatory
The UK Financial Conduct Authority (FCA) announced at the start of last month that it had fined Tesco Bank £16.4 million for a cyber-attack that occurred two years ago. In November 2016, 8,261 personal current accounts at Tesco Bank were compromised. Attackers obtained customers’ debit card details and entered into thousands of unauthorised transactions. This … Continue Reading

The dawn of crypto-asset regulation

By Howard Womersley Smith on Posted in Regulatory
Last month (September 2018), the House of Commons Treasury Committee issued a report on its inquiry into the regulation of crypto-assets. The inquiry examined, amongst other subjects, the role of digital currencies in the UK; the impact of distributed ledger (blockchain) technology; and how these should be regulated. The report recommends improvements to consumer and … Continue Reading

Singapore data protection commission fines carpooling service and LAN gaming centre

By Charmian Aw on Posted in Privacy & Data Protection, Regulatory
Two businesses have been fined a total of S$13,000 for breaching Singapore’s data protection law. GrabCar Facts The first decision involved a carpooling service operated by GrabCar through an app. Twenty drivers had their accounts suspended for flouting usage rules for the platform. They were allowed to submit an appeal, by filling a Google form … Continue Reading

An interview with North Carolina AG Josh Stein

By Divonne Smoyer and Kimberly Chow on Posted in Privacy & Data Protection, Regulatory
Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

Southeast Asian nations to form regional framework for cybersecurity cooperation

By Charmian Aw and Xiaoyan Zhang on Posted in Regulatory
The Association of Southeast Asian Nations (ASEAN) announced last week that it will create a rules-based framework for its 10 member states to cooperate on cybersecurity matters. The 10 ASEAN members are Singapore (which is the chair for ASEAN this year), Malaysia, Indonesia, the Philippines, Thailand, Vietnam, Brunei, Myanmar, Laos and Cambodia. Singapore is expected … Continue Reading

September 4, 2018: NYDFS Cybersecurity Regulation Compliance date arrives

By Kelley Chittenden on Posted in Regulatory
As of today, Covered Entities are expected to be compliant with additional provisions under the New York State Department of Financial Services (NYDFS) cybersecurity regulation. A “Covered Entity” is any individual or non-governmental entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, … Continue Reading
LexBlog