Category

Online Privacy

21 December 2016

ESAs release Consultation Paper on Big Data

On December 19, 2016, the Joint Committee of the European Supervisory Authorities (“ESAs”) launched a public consultation (the “Consultation”) on the potential benefits and risks of Big Data for consumers and financial firms to determine whether any regulatory or supervisory actions will be required. The ESAs are three EU-wide supervisory authorities: the European Banking Authority (“EBA”), the European Securities and Markets Authority (“ESMA”) and the European Insurance and Occupational Pensions Authority (“EIOPA”).

05 December 2016

FCA Outlines its Approach to Cybersecurity in Financial Services Institutions

A recent speech by the Financial Conduct Authority (“FCA”) Director of Specialist Supervision, Nausicaa Delfas, delivered at the Financial Times’ Cyber Security Summit, shows that the FCA, which is the leading financial services regulator in the United Kingdom, is taking the issue of cyber security seriously and that it believes new approaches are needed to combat the threat to financial services firms.

The FCA’s concerns are consistent with those being expressed by US banking regulators and the Group of Seven (G-7) industrial nations who agreed on a set of guidelines to combat cyber risks affecting global financial institutions.

15 November 2016

China Adopts Cyber Security Law

On November 7, 2016, the Standing Committee of the National People’s Congress of China promulgated the Cyber Security Law of the People’s Republic of China (the “Cyber Security Law”) after three rounds of readings in June 2015, June and October 2016, respectively. The Cyber Security Law will enter into force on June 1, 2017. As early as July 1, 2015, the National Security Law of the People’s Republic of China was promulgated, expressly providing that the state shall “safeguard sovereignty and security of cyberspace in the state,” a theme that is reiterated and emphasized in Article 1 of the Cyber Security Law. The introduction of the concept of “cyber space sovereignty” in the Cyber Security Law echoes the views of President Xi Jinping, who is also the head of the Office of the Central Leading Group for Cyberspace Affairs, and who stated in February 2014 that “[n]o cyber safety means no national security.” Critically, the Cyber Security Law may have global implications, as the Law applies to both Chinese and international businesses engaging in the construction, operation, maintenance or use of information networks in China.

11 November 2016

The Trump Agenda for Cybersecurity and Privacy

The future of privacy and cybersecurity under President-elect Trump – with a Republican-controlled House and Senate – is far from certain, but his campaign comments indicate an emphasis on robust cybersecurity, perhaps with more openness to offensive as well as defensive initiatives.

31 October 2016

ICO Updates Guidance on Privacy Notices

The EU Data Protection Directive requires that data be processed fairly, which includes providing individuals with certain information about how a business uses their data, for example, by way of a privacy notice. These information requirements will be enhanced under the new EU Data Protection Regulation (“GDPR”), which will require many companies to review and amend their employee and customer notices, consents and policies (including privacy notices).

18 October 2016

G7 Sets Guidelines for Cybersecurity for the Financial Sector

As the financial services sector becomes ever more reliant on new technologies to decrease costs and create more efficient systems, it becomes more vulnerable to cyber attacks. On October 11, 2016, the Group of Seven (“G7”) industrial nations agreed on a set of guidelines to combat the cyber risks that are “growing more dangerous and diverse, [and] threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems.” These issues have been particularly visible following a number of high profile cybersecurity attacks at financial institutions.

07 September 2016

Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable

*Updated on September 8, 2016

The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases have been findings relating to the degree to which terms of use can be considered binding.

29 August 2016

Despite Lenient View of Standing, Appellate Court Dismisses “Clearly Meritless” Case on 12(b)(6) Grounds Not Considered by the District Court; Lessons Abound

In Carlsen v. GameStop, Inc., the Eighth Circuit held that a plaintiff had standing to bring privacy claims that his personal information, specifically web browsing data, was provided to a third party in violation of an allegedly express agreement not to do so (namely, the defendant’s privacy policy). The district court had previously dismissed the complaint on the grounds of lack of standing because the plaintiff – a paying customer of GameStop’s online video game magazine – failed to allege that he paid any specific amount for the privacy policy or that he bargained for any additional privacy beyond what non-paying users obtained. However, even though the district court did not consider the defendant’s 12(b)(6) motion to dismiss the complaint on grounds of failure to state a claim, the appellate court nonetheless affirmed the dismissal on that basis.

26 August 2016

German guidance on employee monitoring a reminder to carefully craft Acceptable Use Policies

Earlier this year, German data protection authorities issued guidance (in German) for companies regarding monitoring employees’ work email accounts and Internet usage. The guidance establishes a framework based on the German Federal Data Protection Act (“FDPA”) and whether the employer allows employees to use their work email and Internet services for personal use. Where personal use is prohibited, the data protection authorities recognize a greater scope for monitoring. The guidance also recognizes that employers may randomly check employees’ Internet use to ensure it is being used only for business purposes. Further, employers may access an employee’s sent and received emails during a long absence if required for business purposes.
