Category

Legislation

09 May 2017

Sidley’s Third Annual Privacy and Cybersecurity Roundtable

On April 18 in the DC office, Sidley hosted the firm’s third annual Privacy and Cybersecurity Roundtable for over 70 clients. Speakers included a senior representative of the European Data Protection Supervisor, senior officials from the Office of the New York State Attorney General and the Federal Trade Commission, legal, policy and compliance leaders from Facebook and Gannett, along with several members of the firm’s privacy, securities law and governance groups. (more…)

SHARE
EmailPrintShare
03 May 2017

New German Federal Data Protection Act Passed by German Parliament; Provisions Could Conflict with GDPR Undermining Uniformity

On 27 April 2017 the German Parliament passed the new Federal Data Protection Act (the Bundesdatenschutzgesetz or “new BDSG”) which from 25 May 2018 will replace the current German Data Protection Act. The new BDSG adapts German law in line with the EU’s new General Data Protection Regulation (the “GDPR”). The GDPR has direct effect in EU members states, but it allows member states to pass legislation which supplements the GDPR but is consistent with it.

(more…)

SHARE
EmailPrintShare
17 April 2017

EU Lawmakers Say That Privacy Shield Deficiencies Must Be Fixed Urgently

On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules. (more…)

SHARE
EmailPrintShare
10 April 2017

New Mexico Enacts Breach Notification and Data Security/Secure Disposal Law, While Tennessee Clarifies Encryption Exception

New Mexico has become the 48th state to enact a data breach notification law, which also includes data security requirements. The Data Breach Notification Act, signed by Governor Martinez on April 6, 2017, requires notification within 45 days of discovery of a security breach, or “unauthorized acquisition” of computerized personal information, subject to the needs of law enforcement. A security breach is also limited to unencrypted data or encrypted data when the decryption key is compromised. Personal data protected by the law includes Social Security numbers, driver’s license numbers, government-issued identification numbers, account, credit card or debit card number paired with the security code or other pin, and biometric data.

(more…)

SHARE
EmailPrintShare
04 April 2017

A Farewell to the FCC Broadband Privacy Rules

On April 3, 2017, President Trump signed the bill repealing the Federal Communications Commission’s much-debated broadband privacy rules. The House of Representatives voted 215–205 to disapprove the rules, after a party-line Senate vote of 50–48. The result is that the FCC’s key rules governing internet service providers’ collection and use of consumer data, as well as data security, will not go into effect as scheduled. Moreover, the FCC will be precluded from promulgating any regulation in “substantially the same” form until a future Congress allows such action.

(more…)

SHARE
EmailPrintShare
31 January 2017

2016 Year in Review and 2017 Preview: Top Ten for Data Protection and Privacy

2016 was a year of seismic changes in the global data protection and privacy landscape.  Here, we look back at the top ten events and issues that shaped 2016, and are poised to shape the year ahead as well.

Year In Review

1. GDPR Adoption

On April 14, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (GDPR), formally completing adoption of the GDPR. The GDPR was published in the Official Journal of the EU on May 25, 2016, giving companies and Member States until the May 25, 2018 effective date to implement the Regulation fully. In the wake of its adoption, businesses should have planning under way for implementation of the significantly expanded Regulation by evaluating whether they are subject to the expanded jurisdiction, and if so, completing an internal gap analysis of current data protection practices as compared with the new requirements and rights under the Regulation. Some of the key aspects to consider include data breach response planning under the new 72-hour notice requirement, reviewing existing data protection notices and consents for the more robust obligations, identifying current profiling activities and existing data protection and retention policies and procedures, ensuring privacy impact assessments are carried out where required, and evaluating whether there is an obligation to appoint a data protection officer.  Despite the time until the effective date, the extensive preparation necessary to comply presents a challenge as companies around the world refocus resources to develop compliance plans.

2. Political Cyber Warfare

There is a new front in geopolitical battles.  (more…)

SHARE
EmailPrintShare
03 January 2017

ePrivacy Directive – European Commission Publishes Results of Consultation

On 11 April 2016, the European Commission consulted on Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”), seeking input from a wide range of businesses, organizations and individuals on the effectiveness of the ePrivacy Directive and their views for its revision. The European Commission’s review is a key element of its Digital Single Market Strategy, which aims to reinforce trust and security in digital services in the EU.

The European Commission released the results of this consultation on 19 December 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU, which included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. The largest number of respondents came from Germany (25.9%), UK (14.3%), Belgium (10%) and France (7.1%).

(more…)

SHARE
EmailPrintShare
19 December 2016

The Article 29 Working Party Releases Draft Guidelines on Key Elements of the GDPR Including the Right to Data Portability, Data Protection Officers and the Lead Supervisory Authority

On 15 December 2016 the Article 29 Working Party (“WP29”) released draft guidelines and FAQs on key provisions in the EU’s General Data Protection Regulation (“GDPR”). The guidelines cover the right to data portability, data protection officers and the lead supervisory authority. The WP29 has invited comments from stakeholders on the draft guidelines and FAQs. The deadline for comments is January 31, 2017. Although this invitation for comment is directed at the new guidance, some members of the WP29 have expressed interest in comments on additional issues for the WP29 2017 work plan, for which guidance has not been issued.

(more…)

SHARE
EmailPrintShare
15 December 2016

Changes to DMCA Safe Harbor Registration Require Action by December 31, 2017

As part of a housekeeping effort, the U.S. Copyright Office issued a final rule that changes the designated agent mechanism protecting online service providers from certain copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”).  Companies will now have to re-register every three years, and existing registrations will cease to be valid by the end of next year.

(more…)

SHARE
EmailPrintShare
02 December 2016

European Commission adopts its Work Programme for 2017; includes focus on Digital Single Market Strategy and General Data Protection Regulation

On October 25, 2016 the European Commission (the “Commission“) adopted its 2017 Work Programme (the “Work Programme”) which sets out what the Commission intends to do over the next 12 months. The Work Programme is the third to be presented under Jean-Claude Junker’s presidency of the Commission and will also be the first Work Programme to be adopted following consultation with the European Parliament (the “Parliament“) and the European Council (the “Council“).

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator