In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR). Recently

The Information Commissioner’s Office (ICO) has published a report on reprimands issued in the second quarter of the year, from April to June 2023. The recent reprimands by ICO shed light on areas of data protection where organizations across the public and private sectors have fallen foul of the UK GDPR and are instructive as to how organisations can improve their practices. Our blog focuses on three key lessons gleaned from these reprimands.

The UK Department for Culture, Media and Sport published draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Draft Security Regulations). These regulations fall under the Product Security and Telecommunications Infrastructure Act 2022 (PSTIA) which come into effect on 29 April 2024 and which you can read about in our earlier blog. Part 1 of the PSTIA establishes a regulatory framework that imposes security requirements on manufacturers, importers, and distributors of these products. The Draft Security Regulations outline the specific security requirements for manufacturers.

With increased digitization of business processes and services affecting all industries and enterprises, the need for accessible digital tools continues to grow. Indeed, 26% of adults living in the United States have some type of disability, highlighting the crucial role accessibility tools serve in ensuring an inclusive digital environment. Furthermore, in certain instances, the implementation of accessibility best practices may be legally required. We discuss these issues in our most recent Tech Law Talks podcast.

In a recent Q&A with Colorado Attorney General (AG) Phil Weiser, the first-term AG discusses how he makes data privacy and cybersecurity accessible and interesting to his Colorado constituents. AG Weiser also explains the role of Colorado’s interdisciplinary Data Privacy and Security Impact Team and how its implementation has benefitted the state. Lastly, AG

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong.

In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 pandemic. The April 2, 2020 promotion post stated: “Dear Teachers: We want to say thank you. During quarantine we see you working harder than ever to educate our children. To show our gratitude, Draper James would like to give teachers a free dress.”

The Instagram post went on to provide further details of the promotion, including that to “apply”, teachers needed to fill out a form with their name and work email addresses, a photo of their school IDs, the grade level and subjects they teach, as well as their school name and state. In exchange for providing what the teachers alleged to be “sensitive personal, employment information,” teachers thought they would receive a free dress from the brand. While the Instagram post did caveat in a parenthetical that the offer was “valid while supplies last – winners will be notified on Tuesday April 7th” the post did not disclose that only 250 teachers would receive a free dress. The lawsuit claims that the “vague illusory comment” was insufficient to place a reasonable consumer on notice that this was a sweepstakes or that the brand would “only be making an unreasonably limited number of products available under this offer.”

As businesses and individuals across the globe struggle to adapt to a new normal of remote work and social distancing due to the COVID-19 (a/k/a novel coronavirus) pandemic, they should also be aware of a number of U.S. data privacy and data security implications arising from these changes. In addition, businesses must be cognizant of

According to experts, most New Year’s resolutions fail because sweeping change is difficult. Rather, the best results come from taking small steps. Here are five small steps to take to make sure your directors’ and officers’ (D&O) coverage can tackle potential cyber risks.

  1. Review your coverage program from last year. Endorsements, policy provisions, and pricing

On April 18, 2019, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) requesting comments on proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-012-1. As written, CIP-012-1 will require responsible entities to implement controls to protect communication links and data transmissions in an effort to mitigate cybersecurity risks to communications between