French Council of State Partially Annuls CNIL Cookie Guidelines on Use of Cookie Walls

On June 19, 2020, the French Conseil d’État (“Council of State”) issued a decision partially annulling the Guidelines of the French Data Protection Authority (the “CNIL”) on cookies and other tracking tools (“Guidelines”). The Council of State ruled that the CNIL’s Guidelines could not prohibit the use of ‘cookie walls’, a practice which consists of blocking user access to a website where the user refuses to consent to cookies and other tracking tools. Nevertheless, the Council of State confirms the Guidelines on other key points, such as the requirement to facilitate the right to withdraw consent to cookies, the retention period for cookies and the information requirement for cookies not subject to a consent requirement.

Read More

EmailShare

Two Rulings in Two Weeks on the TCPA’s Autodialer Restrictions

The last two weeks have brought two important (although unrelated) rulings on the TCPA’s Autodialer Restrictions.  First, on June 25, the Federal Communications Commission limited the applicability of the autodialer restrictions in the Telephone Consumer Protection Act, 47 U.S.C. § 227 (the “TCPA”), to an emerging texting technology. Second, less than two weeks later, the Supreme Court ruled that an exception to the TCPA’s autodialer restrictions for calls to collect federal debts was unconstitutional and expanded the statute’s reach.

Read More

EmailShare

NYDFS Announces a Series of Virtual Currency Initiatives

On June 24, 2020, the New York State Department of Financial Service (NYDFS) announced a series of virtual currency initiatives aimed at providing additional opportunities and clarity for BitLicense and limited-purpose trust company applicants and licensees. These initiatives include:

  • A proposed framework for obtaining a conditional BitLicense when partnering with an existing licensee
  • A proposed approach for NYDFS pre-approval of certain virtual currencies and a licensee’s ability to self-certify the use of new virtual currencies
  • New procedures aimed at creating a more transparent and timely process for reviewing BitLicense applications
  • A BitLicense FAQ page

The NYDFS’s press announcement stated that these initiatives were developed based on feedback from the industry to make it easier for virtual currency companies to successfully operate in New York. If the stated intent is achieved, these initiatives will be a welcome change for virtual currency businesses, which have often faced long timelines and a burdensome review process when submitting a BitLicense application or attempting to expand their approved activities. It remains to be seen, however, whether those objectives can be met.

Read More

EmailShare

Privacy and Cybersecurity Roundtable: Monitor-Side Chat Series

These informal video chats, moderated by Sidley partner Alan Raul, are designed to help fill the COVID-19 induced privacy discussion drought. We look forward to hearing what is on the mind of key data protection and cybersecurity thought leaders from both public and private sectors. Each chat will be relatively brief, leaving some time to address participant questions via our virtual space. Please feel free to suggest any topics you would be interested to hear addressed by contacting dcevents@sidley.com.

Read More

EmailShare

Key Takeaways From Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Bruno Gencarelli, Head of International Data Flows and Protection at the European Commission

On June 25, 2020, Sidley partner, Alan Raul, founder and co-head of Sidley’s privacy and cybersecurity practice, hosted Bruno Gencarelli, head of International Data Flows and Protection at the European Commission, for a Monitor-Side Chat.

The discussion focused largely on the Commission’s report on two years of the GDPR which was issued on 24 June 2020. Key themes of the report include:

  • EU data protection authorities (“DPAs”) should increase their efforts towards the adoption of a harmonised approach to responding to cross-border investigations;
  • a call for greater resources to be given to DPAs by EU Member States to ensure the GDPR is sufficiently enforced;
  • a need for greater consistency among EU Member States on interpretations of the GDPR in national laws in order to avoid unnecessary burdens on companies; and
  • greater utilisation of the data portability right under the GDPR to ensure individuals have greater involvement in the digital economy by enabling them to switch between different service providers and make use of other innovative services.

Read More

EmailShare

The Return of the Mac: CCPA 2.0 Qualifies for California’s November 2020 Ballot and Could Usher In Sweeping Changes to CCPA

The California Privacy Rights Act (CPRA), a proposed initiative to codify far-reaching amendments to the California Consumer Privacy Act (CCPA) and sometimes referred to as “CCPA 2.0”, is back in play and heading to the November 2020 ballot.  A series of dramatic procedural twists and turns culminated with initiative backers successfully obtaining a writ of mandate directing the Secretary of State to direct counties to verify signatures for the ballot proposal by the June 25th Constitutional deadline.  This verification involved each county conducting a random sample of the more than 800,000 signatures that proponents had submitted to place the initiative on the ballot.

Before the California court’s ruling, observers were skeptical that signatures could be verified before the deadline.  Initiative proponents were almost two weeks behind the recommended schedule when they delivered signatures to be verified by California’s 58 counties.  This meant counties had until June 26th to verify signatures — a day after the June 25th Constitutional deadline.  Experience with other initiatives this year had shown that several large counties were waiting until the deadline to complete verifications, so proponents petitioned the court to push the deadline up by a day in order to meet the Constitutional deadline.  The court agreed to do so, finding good cause existed to force counties to complete verifications a day early.  And, as it happened, the extra time was not needed, as counties finished the count two days ahead of their initial deadline.

Read More

EmailShare

French Council of State Upholds €50m CNIL Fine against Google

On June 19, 2020, the French Conseil d’État (“Council of State”) issued a decision upholding the €50 Million fine imposed against Google LLC by the French Supervisory Authority (the “CNIL”). On January 21, 2019, the French CNIL had issued a fine against Google’s U.S. headquarters for failure to comply with the EU General Data Protection Regulation’s (“GDPR”) fundamental principles of transparency and legitimacy. Please refer to the relevant Sidley Data Matters’ blog post on the CNIL decision here. The CNIL found that Google had insufficiently informed Android users about their data processing activities, given the complexity of Google’s privacy policy and terms & conditions, and that the consent obtained from them through the use of pre-ticked boxes was insufficient to serve as a legal basis for processing used for targeted advertising. This was the first and highest regulatory fine the CNIL had issued on the basis of the GDPR.

Read More

EmailShare
1 2 3 85
EmailShare
XSLT Plugin by BMI Calculator