On February 26, 2019, the Federal Trade Commission’s (FTC) Bureau of Competition announced a new Technology Task Force, which will monitor anticompetitive conduct in U.S. technology markets “to ensure consumers benefit from free and fair competition.” With the consumer protection agency already a chief arbiter of privacy enforcement in the tech sector, the new task … Continue Reading
On 26 February 2019, the European Data Protection Supervisor (EDPS), Giovanni Buttarelli, published his first annual report since the General Data Protection Regulation (GDPR) came into force last year. This is a short overview of some of the key themes in the EDPS’s annual report: Overview of 2018: GDPR: This is the first annual report of … Continue Reading
On 11 March 2019, the Personal Data Protection Commission of Singapore (PDPC) issued a set of advisory guidelines for management corporations of strata title plans (MCSTs), which were developed in consultation with Singapore’s Building and Construction Authority. The guidelines provide guidance to MCSTs on complying with Singapore’s Personal Data Protection Act (PDPA), and some key … Continue Reading
BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would: Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA; Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by … Continue Reading
On 25 February 2019, Minister for Communications and Information announced that Singapore is considering, as part of an ongoing review of the Personal Data Protection Act (PDPA), introducing a data portability requirement that would confer greater control and rights by data subjects over the movement of their personal data across service providers. In connection with … Continue Reading
Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (BIPA) stands out among state biometrics statutes nationwide in that it includes a private right of action for anyone “aggrieved” by a private entity’s failure to comply with BIPA’s compliance requirements. The Illinois Supreme Court recently ruled that a plaintiff may assert that they are … Continue Reading
On 12 February 2019, the European Data Protection Board (EDPB) met for its seventh plenary session. You can see our blog on the full session here. At this session, the EDPB adopted two information notes. The information notes offer guidance on data protection issues in the event of a no-deal Brexit, namely: data transfers generally … Continue Reading
The European Data Protection Board (EDPB) met for its seventh plenary session on 12 February 2019. The session covered many areas of discussion, outlined in the agenda. The four main areas covered, and highlighted in the EDPB’s press release, were: 1. Work programme: The EDPB adopted a two-year work programme, covering 2019-2020. The work programme … Continue Reading
The President has made artificial intelligence technology a policy priority. On February 11, 2019, the President issued an Executive Order to direct most federal executive agencies to promote and protect American advancements in artificial intelligence while working with private industry. The order recognized that public trust in artificial intelligence is an important factor in the … Continue Reading
Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading
On 22 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against COURTS (Singapore) Pte Ltd (Courts), a consumer electronics and furniture retailer in Singapore. The facts of the case were as follows: A complaint was brought by an individual who discovered that his contact number and address were disclosed in an … Continue Reading
On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the … Continue Reading
On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and … Continue Reading
On 13 December 2018, the Singapore data protection commission issued four separate decisions against the following organisations, for breaches of the protection obligation under section 24 of the Personal Data Protection Act 2012 (PDPA): Funding Societies Pte Ltd WTS Automotive Services Pte Ltd Institute of Singapore Chartered Accountants SLF Green Maid Agency Funding Societies The … Continue Reading
Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14, the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading
The European Data Protection Board (EDPB) met for its fifth plenary session on 4 and 5 December 2018. The EDPB published a press release, highlighting the three main areas of discussion: EU-Japan draft adequacy decision. The EDPB adopted an opinion on the European Commission’s draft adequacy decision. In adopting its opinion, the EDPB focused on the … Continue Reading
On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading
On November 28, 2018, Singapore’s Personal Data Protection Commission (commission) issued its grounds of decision against Big Bubble Centre (respondent), a sole-proprietorship in the scuba-diving business. The facts of the case were as follows: The complainant was an individual who had worked for the respondent and claimed that he was not paid wages for such … Continue Reading
The European Data Protection Board (EDPB) met for its fourth plenary session on 16 November 2018. The session covered many areas of discussion, outlined in the session’s agenda. The EDPB published a press release, highlighting the three main areas of discussion. EU-Japan draft adequacy decision. The EDPB discussed the draft adequacy decision, which it received … Continue Reading
On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to: merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to … Continue Reading
On 26 September 2018 the Information Commissioner’s Office (ICO) began formal enforcement action against 34 organisations that have failed to pay their data protection fees. Notices of intent have been served on both private and public sector organisations, including the NHS, government organisations, and businesses in recruitment, finance and accountancy. They have until 17 October … Continue Reading
The Federal Trade Commission (FTC) will be holding a series of hearings this fall on “Competition and Consumer Protection in the 21st Century,” with the goal of reflecting on the agency’s powers, and state attorneys general (AGs) want to make sure their voices are heard. A bipartisan group of 29 state AGs filed comments with … Continue Reading
The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading
The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading
