On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook.

The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the grounds of consumer protection for France

The DGCCRF issued an injunction to Facebook requiring either revising or removing certain clauses of its Terms and Conditions which would be considered as unfair and “abusive” terms under French consumer law. This concerns in particular provisions granting Facebook the right, in its sole discretion, to remove any content or information posted by Facebook users, or to update its Payment Terms at any time without informing the users beforehand. The DGCCRF required Facebook to take appropriate action within 60 days. Otherwise, Facebook can be sued before the French courts.
Continue Reading By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation

Anthony Albanese, the head of the New York Department of Financial Services, issued a letter to more than 20 federal and state regulators outlining proposed cybersecurity regulations for banks and insurance companies operating in New York. While the letter is a request for comment from fellow regulators, it represents a preview of several cybersecurity measures that may soon be required of the financial industry. These measures focus on guaranteeing that banks and insurers establish and maintain a formal cybersecurity program, and hold third-party vendors accountable to following similar cybersecurity practices. Specifically, the letter asks for comment on eight proposed regulatory requirements:
Continue Reading New York Department of Financial Services Previews Upcoming Cybersecurity Regulations for Banks and Insurers

The Minister of the Malaysian Communications and Multimedia Commission (the Minister) has announced by Gazette that Malaysia’s Personal Data Protection Act 2010 (the PDPA) will finally take effect as of 15 November 2013, introducing a privacy regime in Malaysia for the first time. To accompany this announcement, a series of regulations have been issued to

The UK’s data protection authority, Information Commissioner’s Office (ICO), commissioned an independent survey investigating the understanding of the proposed EU data protection reform and associated costs. The survey involved 506 organisations, and one of the key findings is that as a general rule, businesses do not understand the implications of the proposed General Data Protection

This post was written by Cynthia O’Donoghue.

The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time. During the meeting on May 6, LIBE decided

This post was written by Cynthia O’Donoghue.

On 24 April 2013, the EU Presidency, currently held by Ireland, prepared a Note to the Committee of Permanent Representatives (COREPER) regarding the proposed General Data Protection Regulation (Regulation). The Note was leaked and published on Statewatch’s website. Statewatch is a civil liberties organisation. In the

This post was written by Daniel Kadar.

The French Data Protection Authority (DPA), the CNIL, has expressed its satisfaction on the draft report (the “draft Report”) released by the European Parliament on the new European Data Protection Regulation (the “Regulation”).

One of the major points of concern for the CNIL was that the draft

This post was written by Cynthia O’Donoghue.

The Article 29 Working Party (“Art. 29 WP”), which has already released two opinions (WP191 and WP199) regarding the draft General Data Protection Regulation (“Regulation”), issued a statement and two accompanying annexes addressing some of the most heavily debated elements. This statement addresses relaxation of

The proposed new EU General Data Protection Regulation may need to be watered down. The far-reaching proposed draft, which was published in January 2012, aims to unify and strengthen the data protection laws across the 27 EU countries. However, the Financial Times reports that a memo drafted by the Irish presidency admits that “several member

This post was written by Cynthia O’Donoghue.

Following the lead of the Committee on Civil Liberties, Justice and Home Affairs (LIBE), which already released its draft report (see our prior blog) 20 February, the European Parliament Committee on Industry, Research and Energy (ITRE Committee) published its Draft Opinion on the proposed General