Archives: Regulatory

Subscribe to Regulatory RSS Feed

EDPB publishes opinions on draft decisions of Data Protection Authorities on the accreditation of certification bodies and code of conduct monitoring bodies

On 25 May 2020, the European Data Protection Board (EDPB) issued its opinions on draft decisions of certain national supervisory authorities on certification and code of conduct monitoring bodies’ accreditation requirements. This includes opinions on the draft decisions from supervisory authorities in: Finland, Germany, Ireland, and Italy, on the approval of the requirements for accreditation … Continue Reading

Important signals for national advertisers concerning FTC priorities and enforcement trends

In April, the Federal Trade Commission settled charges against Progressive Leasing, a company that markets virtual rent-to-own payment plans to retail stores nationwide. Unlike traditional rent-to-own companies, Progressive does not operate its own brick-and-mortar stores. Instead, Progressive markets its rent-to-own payment plans to consumers who shop at certain retail stores or websites, primarily those in … Continue Reading

Belgian DPA fines company €50,000 for appointing DPO with conflicting role

On 28 April 2020, the Belgian data protection authority (DPA) fined a company €50,000 for having appointed its head of compliance, risk and audit as its data protection officer (DPO). The DPA’s decision is only available in Dutch (here) and in French (here). What was the breach? The reason for the fine was not that the DPO had … Continue Reading

ICO finalises guidance on explaining decisions made with AI

Late last year, we reported that the Information Commissioner’s Office (ICO) had published draft guidance for assisting organisations with explaining decisions made about individuals using with AI. Organisations that process personal data using AI systems are required under the GDPR to provide an explanation of the logic involved, as well as the significance and the … Continue Reading

Singapore proposes significant changes to its data protection law

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation. Key amendments proposed in the Bill include: Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher. Mandatory data … Continue Reading

Seventh Circuit’s ruling in beer king’s dispute trumpets a cautionary note for false advertising claims between competitors

The Seventh Circuit’s recent decision on May 1, 2020 in the hotly contested dispute between Molson Coors Beverage Company USA LLC (Molson Coors) (maker of Miller Lite and Coors Light beers) and Anheuser-Busch Companies LLC (Anheuser-Busch) (maker of Bud Light beers) sounds a cautionary note for future parties contemplating a false advertising claim – look … Continue Reading

EU Blockchain Observatory and Forum explores the convergence of blockchain, AI, and the IoT

The European Union Blockchain Observatory and Forum, on 21 April, published a report examining how blockchain can be combined with two other important emerging technologies – the Internet of Things (IoT) and artificial intelligence (AI) – to complement each other and build new kinds of platforms, products, and services. The report first looks at the … Continue Reading

EDPB’s new guidelines relieve concerns over processing health data for scientific research

The novel coronavirus pandemic has created an immediate and immense need for scientific research. Amid this urgency, the European Data Protection Board (EDPB), during its twenty-third plenary session held on April 21, adopted guidelines to shed light on legal questions concerning the use of health data (pursuant to article 4(15) of the General Data Protection … Continue Reading

Remember to consent in the time of COVID-19

In a world where we have been ordered to stay home and shelter in place to combat the spread of COVID-10 our children are now learning remotely. While it is fortunate that technology allows students to continue the school year at home, remote learning presents an obstacle where children’s privacy is concerned. In the United … Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215.  Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents.  Below is a summary of the key changes of which businesses should be aware.… Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading

German government introduces new bill to amend Germany’s Hate Speech Act, establishing new requirements for social networks and video-sharing platforms

On April 1, 2020, Germany’s federal government published a new draft bill to amend the German Hate Speech Act (Netzwerkdurchsetzungsgesetz – “NetzDG”; see also our earlier blog of October 2, 2017). The draft bill (“Bill”) is available in German here. The Bill will introduce a number of improvements for users of social networks. It will … Continue Reading

FCC issues guidance on the TCPA’s “emergency purposes exception” based on the COVID-19 pandemic

The Telephone Consumer Protection Act (the TCPA) restricts telemarketing and the use of automated telephone equipment for phone calls, faxes, and text messages. The TCPA provides a private right of action and significant statutory penalties, and therefore is an area of significant risk for any company that communicates with its customers, particularly by phone or … Continue Reading

Final blow to the UPC project? German law ratifying UPCA is void

European countries have pursued the project of creating a Unitary Patent and a Unified Patent Court (UPC), since the early seventies. Success seemed within reach in 2013 when the international Agreement on a Unified Patent Court (UPCA) was concluded and subsequently ratified by several states. However, in 2017 the project came to a grinding halt … Continue Reading

U.S. Department of Health and Human Services issues final rules expected to transform how certain stakeholders share patient information

The U.S. Department of Health and Human Services (HHS) released companion interoperability and information blocking final rules that will significantly impact the way in which certain health care providers, health information technology (IT) developers, and health plans share patient information. For a discussion on major provisions of these rules, please read our post on our … Continue Reading

Singapore data protection law FAQ for employers

Since coming into effect in 2014, Singapore’s personal data protection law has been active enforcing the law since its passing. The law applies to all organizations operating in Singapore, regardless of their size and the nature of their business. Companies that employ personnel in Singapore must take note of how Singapore data protection law applies … Continue Reading

Vermont Attorney General brings first data broker enforcement action

On March 10, 2020, Vermont Attorney General T.J. Donovan initiated an enforcement action based on Vermont’s new data broker law against Clearview AI, Inc. Vermont’s data broker law, which became effective January 1, 2019, governs data brokers, which it defines as companies that collect and sell or license to third parties the personal information of … Continue Reading

Still working on it – draft CCPA regulations are modified a second time

Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions … Continue Reading

Georgia AG, FTC and US Chamber Institute for Legal Reform discuss “crazy quilt patchwork” of privacy laws in the US

On March 2, 2020, Reed Smith and the International Association of Privacy Professionals (IAPP) presented a panel discussion on 2020 privacy laws and trends featuring Attorney General Christopher Carr of Georgia; Linda Holleran Kopp of the Bureau of Consumer Protection, Division of Privacy and Identity Protection of the Federal Trade Commission (FTC); and Oriana Senatore, … Continue Reading

A legal outlook on the three most common barriers to upgrading archiving technology

Modern businesses have a more global reach than ever before. Technology has fundamentally changed the way employees work, communicate and collaborate. While global connectivity offers businesses opportunities, it also creates substantial challenges when it comes to archiving communications. Earlier this month, we co-hosted a thought leadership event in New York City with Smarsh, a multinational … Continue Reading

The growth of Adtech and how it falls into privacy laws’ crosshairs

The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry.  The Adtech industry has struggled with privacy regulations, including the CCPA, but it … Continue Reading

California legislature proposes ‘urgency statute’ to revise CCPA’s health care and research exemptions

As currently drafted, the California Consumer Privacy Act (“CCPA”) leaves many questions unresolved regarding how the law applies to data collected and used in the health care and life sciences industries, particularly in the research context. Clinical research sponsors and other industry participants have raised concerns about how the CCPA may impede care delivery and … Continue Reading

Wisconsin representative proposes “groundbreaking” data privacy law modeled after GDPR, including statutory penalties up to $20 million or 4 percent of total annual revenue

A trio of consumer data privacy bills modeled after Europe’s General Data Protection Regulation (GDPR) has been introduced in the Wisconsin State Assembly. The three bills, collectively dubbed the Wisconsin Data Privacy Act (WDPA), were sponsored by Republican State Representative Shannon Zimmerman, who is seeking to make Wisconsin “the most consumer-friendly state in our nation … Continue Reading

First decision on qualification of Bitcoins made by German tax court

On July 20, 2019 the German tax court for the federal states of Berlin and Brandenburg published the first decision of a German tax court on the qualification of “bitcoins” in a provisional legal protection procedure. The court confirmed that a bitcoin qualifies as an “asset” for German taxation and (tax) accounting purposes. At the … Continue Reading
LexBlog