The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area. The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known … Continue Reading
On April 21, 2021, a draft proposed European regulation on artificial intelligence (AI) (Regulation) was released following the European Commission’s white paper “On Artificial Intelligence – A European approach to excellence and trust”, published in February 2020. The regulation shows that the European Union is seeking to establish a legal framework for AI by laying … Continue Reading
In a ruling on April 22, 2021, the United States Supreme Court unanimously held that § 13(b) of the Federal Trade Commission Act (the Act) does not authorize the Federal Trade Commission (FTC) to seek, or a court to award, equitable monetary relief such as restitution or disgorgement. The FTC previously used § 13(b) as a … Continue Reading
In a recent Q&A conducted by Divonne Smoyer and Karen Lee Lust with Connecticut Attorney General (AG) William Tong published in the IAPP Privacy Advisor, the AG discusses how he has continued Connecticut’s role as a privacy leader among the states, partnering with the U.S. Federal Trade Commission on data privacy-related matters and other compliance … Continue Reading
A new proposed federal rule, “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers,” could impose accelerated notification requirements on banking organizations and their service providers when notification incidents (as defined in the proposed rule) occur. The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal … Continue Reading
On March 29, 2021, the Financial Conduct Authority (FCA) published final rules that will create a new operational resilience framework for banks, building societies, solvency II firms, recognized investment exchanges, enhanced scope senior managers and certification regime firms, and those authorized or registered under the Payment Services Regulations 2017 or Electronic Money Regulations 2011. The … Continue Reading
On March 12, 2021, the French Council of State (Conseil d’Etat), the highest French administrative court, handed down a ruling (ordonnance des référés) allowing Doctolib, a company in charge of booking COVID-19 vaccination appointments, to rely on a U.S.-based health data host. In the present case, the servers of Doctolib – whose platform had been … Continue Reading
The German Federal Cabinet adopted the Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG, available here) on February 10, 2021. The TTDSG, among other things, provides new rules on cookies and similar technologies (Cookies), introducing only two categories of Cookies: (1) strictly necessary Cookies and (2) consent-based Cookies. The legal basis of legitimate interests … Continue Reading
In this episode, Sarah Bruno and LiLing Poh discuss recent trends as organizations invest more in technology through the acquisition of new platforms or programs, or by working with a vendor to bring a product to market. Exploring a case study involving a global pharmaceutical company on the rollout of a health-related digital app, they … Continue Reading
The Virginia legislature, which adjourned its annual legislative session last week, passed the second state-level consumer data privacy law in the nation. The Virginia Consumer Data Protection Act (CDPA) was signed into law by Virginia Governor Ralph Northam on March 2, 2021, and will go into effect January 1, 2023. Virginia joins California as the … Continue Reading
The Winter 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Strengthening fair competition – changes to the law against unfair competition Cologne Regional Court on the broad concept of the right to access … Continue Reading
Virginia’s governor, Ralph Northam, signed the Virginia Consumer Data Protection Act (CDPA) into law on March 2, 2021. The CDPA is set to take effect on January 1, 2023, and is the second most comprehensive consumer privacy law to be enacted in the United States behind the California Consumer Privacy Act (CCPA), recently amended by … Continue Reading
When the Maryland General Assembly overrode a gubernatorial veto on Friday, February 12, 2021, it became the first state in the U.S. to place a tax on digital advertising services. Much remains to be seen as both chambers of Maryland’s General Assembly consider amendments to the new law and challenges make their way through the … Continue Reading
In a recent Q&A with Tennessee Attorney General (AG) Herbert Slatery, the eight-year term AG discusses how he makes consumer protection, including privacy and cybersecurity issues, a top priority for Tennessee citizens and businesses. AG Slatery shares his thoughts on privacy on a multi-state state level, the prospect of standards of enforcement for technology companies, … Continue Reading
The Singapore government introduced a bill into parliament to amend the Electronic Transactions Act (ETA) (Cap. 88) (ETA) on January 4, 2021. The amendments set out in the Electronic Transactions (Amendment) Bill will be of relevance to the trade and commodities finance and fintech sectors as their primary object is to achieve recognition and equivalence … Continue Reading
In a recent Q&A with Colorado Attorney General (AG) Phil Weiser, the first term AG discusses how he makes data privacy and cybersecurity accessible and interesting to his Colorado constituents. AG Weiser also explains the role of Colorado’s interdisciplinary Data Privacy and Security Impact Team and how its implementation has benefitted the state. Lastly, AG … Continue Reading
The Fall 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: 1. Data transfers following Schrems II 2. German Supreme Court: Relationship between the GDPR and the German Act on the Protection of Copyrights … Continue Reading
The protection afforded by attorney-client privilege brings about a candid conversation between lawyers and clients. Privilege can attach to communications covering a variety of topics, from responding to a data subject access request (DSAR) to handling a security incident or managing complex and time consuming investigations on a multinational scale. Different privilege rules may apply … Continue Reading
The Interstate Treaty on Media (Medienstaatsvertrag – MStV) has finally been ratified by all 16 German federal states and can now enter into force. On 28 October 2020, the Parliament of Mecklenburg-Vorpommern – the last German federal state to ratify the MStV – adopted the Act ratifying the MStV. Ratification of the MStV by all … Continue Reading
In a recent Q&A with Nevada Attorney General (AG) Aaron Ford, the first term AG discusses Nevada’s new data privacy law (Senate Bill 220), which provides consumers with a right to opt out of the sale of their data. AG Ford also outlines his perspective on federal privacy law and his office’s data breach enforcement … Continue Reading
On September 9, Senator Reuven Carlyle (D-WA) presented an updated draft of the Washington Privacy Act (WPA), suggesting that the WPA will be up for consideration in Washington State’s 2021 legislative session. The next legislative session is scheduled to convene on January 11, 2021, at which point the fate of the WPA will again be in the … Continue Reading
The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020 The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory … Continue Reading
The German data protection authority of the federal state of Baden-Württemberg (LfDI BW) has issued detailed guidance (Guidance) on international data transfers this August and September. This is the first official guidance by a data protection authority following the decision of the Court of Justice of the European Union (CJEU) in the Schrems II case … Continue Reading
Smart contracts and digital assets are becoming increasingly common in a variety of industries. Nevertheless, is the law ready for them? Following the publication of the Legal statement on the status of cryptoassets and smart contracts by the LawTech Delivery Panel, the Law Commission has launched two projects to analyse how English law can be reformed … Continue Reading