Tag Archives: privacy

No, we haven’t forgotten about Brexit: UKTF publishes a draft agreement for the future EU-UK partnership

On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading

Singapore proposes significant changes to its data protection law

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation. Key amendments proposed in the Bill include: Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher. Mandatory data … Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215.  Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents.  Below is a summary of the key changes of which businesses should be aware.… Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading

Vermont Attorney General brings first data broker enforcement action

On March 10, 2020, Vermont Attorney General T.J. Donovan initiated an enforcement action based on Vermont’s new data broker law against Clearview AI, Inc. Vermont’s data broker law, which became effective January 1, 2019, governs data brokers, which it defines as companies that collect and sell or license to third parties the personal information of … Continue Reading

Still working on it – draft CCPA regulations are modified a second time

Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions … Continue Reading

Georgia AG, FTC and US Chamber Institute for Legal Reform discuss “crazy quilt patchwork” of privacy laws in the US

On March 2, 2020, Reed Smith and the International Association of Privacy Professionals (IAPP) presented a panel discussion on 2020 privacy laws and trends featuring Attorney General Christopher Carr of Georgia; Linda Holleran Kopp of the Bureau of Consumer Protection, Division of Privacy and Identity Protection of the Federal Trade Commission (FTC); and Oriana Senatore, … Continue Reading

CCPA litigation is here: putative class action filed for alleged notice and collection violations

Although the California Consumer Privacy Act (CCPA) specifically precludes private lawsuits except for those resulting from certain data breaches, that has not stopped at least one plaintiff from bringing a putative class action based on an alleged CCPA violation. A proposed class action was filed on February 27, 2020, in the Southern District of California … Continue Reading

The growth of Adtech and how it falls into privacy laws’ crosshairs

The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry.  The Adtech industry has struggled with privacy regulations, including the CCPA, but it … Continue Reading

Wisconsin representative proposes “groundbreaking” data privacy law modeled after GDPR, including statutory penalties up to $20 million or 4 percent of total annual revenue

A trio of consumer data privacy bills modeled after Europe’s General Data Protection Regulation (GDPR) has been introduced in the Wisconsin State Assembly. The three bills, collectively dubbed the Wisconsin Data Privacy Act (WDPA), were sponsored by Republican State Representative Shannon Zimmerman, who is seeking to make Wisconsin “the most consumer-friendly state in our nation … Continue Reading

2020 could be a monumental year for adtech

With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading

Uncertainty persists in biometric litigation

Companies facing class action litigation stemming from Illinois’ Biometric Privacy Act, 740 ILCS 14/1 et seq. (BIPA), will not get conclusive guidance from the U.S. Supreme Court on the issue of Article III standing. Despite the substantial increase in BIPA class actions filed between 2018 and 2019, and amici briefs imploring the Supreme Court to … Continue Reading

Maryland Attorney General Brian Frosh talks to Reed Smith about privacy and consumer protection

Reed Smith IP, Tech & Data attorneys Divonne Smoyer and Alexis Cocco conducted an in-depth Q&A with Maryland Attorney General Brian Frosh. During the interview, he discusses his priorities for data privacy and security for Maryland, including his hopes for future legislation in both Maryland and federally. AG Frosh is currently in his second term … Continue Reading

Bipartisan proposals, FTC review signal likely changes to COPPA

With newly proposed legislation, the House has joined the Senate in introducing bipartisan legislation making changes to the Children’s Online Privacy Protection Act (COPPA). This pending legislation, when combined with the Federal Trade Commission’s (FTC) ongoing COPPA review and workshop, foreshadows expanded COPPA protections, especially for teenagers between 13 and 15 years of age. In … Continue Reading

Biometric privacy: The year in review and looking toward 2020

2019 signalled significant growth in both regulatory focus and litigation involving biometric privacy. The passage of the California Consumer Privacy Act (CCPA), the addition of biometrics to numerous state data breach notification laws (including New York), and continued class action lawsuits emanating from Illinois’ Biometric Information Privacy Act (BIPA) made biometrics a trend line in … Continue Reading

An FAQ guide to data breach notifications in Singapore

Singapore’s Personal Data Protection Commission (PDPC) has announced that data breach notification will soon become mandatory in Singapore. However, not all breaches need to be reported. We have prepared this guide to aid businesses in understanding when, to whom and how to notify should they encounter a data breach. As further guidance and details on … Continue Reading

Advocate General gives opinion on Schrems II: an early Christmas present?

Today, the Advocate General Henrik Saugmandsgaard Øe (AG) published his opinion on a case brought by privacy rights activist, Max Schrems (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) (Schrems II). The case concerns the validity of the standard contractual clauses (SCCs). The Court of Justice of the European Union (CJEU) press release … Continue Reading

A snapshot comparison of data protection certifications in Singapore

Increasingly, businesses are looking to adopt data protection certifications and standards for myriad reasons, including enhancing consumer trust, demonstrating compliance when contracting with partners and managing regulatory risk. We have prepared a high-level comparison to guide Singapore businesses in determining which certification or certifications could be the best fit. ISO/IEC 27701:2019 Who can apply: All … Continue Reading

New requirements for Singapore banks to include provisions in service contracts on protection of customer data

On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act. Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to: (a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ … Continue Reading

Updated draft of ePrivacy Regulation – Finnish presidency of the Council of the EU aims for final text by the end of the year

The Finnish presidency of the Council of the EU (Finnish Presidency) released an updated draft of the Regulation on Privacy and Electronic Communications (ePrivacy Regulation) on October 30, 2019 (available here). The Working Party on Telecommunications and Information Society (WP TELE) will discuss the new draft at its meeting on November 7, 2019. Amendments put … Continue Reading

ICO blogs on AI and data subject rights

On 15 October 2019, the Information Commissioner’s Office (ICO) released the latest in its series of blogs on developing its framework for auditing artificial intelligence (AI). The blog (here) focuses on AI systems and how data subjects can exercise their rights of access, rectification and erasure in relation to such systems. Below, we summarise some … Continue Reading

At odds no more: can regulatory collaboration bring innovation and data privacy closer together?

In July 2019, the UK’s Financial Conduct Authority (FCA) held a week-long Global Anti-Money Laundering and Financial Crime TechSprint (FCA TechSprint) event. The FCA TechSprint looked at ways to effectively combat financial crime and money laundering within the financial services industry. On 16 October 2019, the Information Commissioner’s Office (ICO) released a blog (here) that … Continue Reading

Courts continue to consider intersection of Fourth Amendment and technology: without a warrant, retrieval of car’s electronic data unconstitutional, but surveillance on hunting property permissible

The Fourth Amendment has received significant attention in recent court rulings involving surveillance, electronic data retrieval, and other types of technology. Two rulings issued on October 21, 2019 demonstrate how difficult it can be to anticipate the outcome of Fourth Amendment disputes relating to technology. In one, the Georgia Supreme Court found the warrantless search … Continue Reading

California attorney general issues draft CCPA regulations

On October 10, 2019, California Attorney General Xavier Becerra issued proposed regulations implementing and interpreting the California Consumer Privacy Act (CCPA). The draft regulations address privacy policies, consumer notices, practices for handling consumer requests, ways to verify consumer requests, requirements regarding minors, and rules governing nondiscrimination practices. The regulations are currently in draft form, with … Continue Reading
LexBlog