European Digital Rights (EDRi), a digital user rights non-for-profit organisation, on 25 October 2018, launched an online platform, ‘GDPR Today’. In its first edition of the GDPR Today, the EDRi published statistics collected from eight EU Member States (France, Germany, Ireland, Italy, Poland, Romania, Sweden and the United Kingdom). The statistics show that since the GDPR’s entry into force on 25 May 2018, data protection authorities (DPAs) have received thousands of complaints from EU individuals on the implementation of the GDPR by businesses and other organisations. Of note, the United Kingdom’s DPA, the UK Information Commissioner’s Office (ICO), has topped the list of complaints received, with nearly 15,000 complaints. Germany and France follow in the rankings, with 6,555 complaints and 3,767 complaints received, respectively. However, the UK figure includes complaints filed with the ICO prior to the GDPR’s effective date.
The results of Tuesday’s midterm elections were notable for several reasons, and not just in the races at the top of the ticket — there were also significant changes in the state Attorney General ranks. Forty jurisdictions (including Guam, Virgin Islands and the District of Columbia) had Attorney General candidates on their ballots, including open races in 13 jurisdictions. It was a somewhat strong showing for Democrats, who picked up open seats in Colorado (Phil Weiser), Michigan (Dana Nessel) and Nevada (Aaron Ford). In addition, Democrat Josh Kaul defeated incumbent Republican Brad Schimel in Wisconsin. Overall, there are 14 new Attorneys General. A chart at the end of this Update lists the results of all of Attorney General elections.
On November 1, 2018, following a rising tide of speculation, the Hong Kong regulator Securities and Futures Commission (SFC) announced a series of initiatives to regulate digital assets for the first time (and, apparently, without the need for any kind of legislative approval or backing). The initiatives, discussed below, take effect immediately. For purposes of the new regime, the SFC refers to “virtual assets” broadly defined to include initial coin offerings (ICOs), digital tokens (such as digital currencies, utility tokens or security or asset-backed tokens) and any other virtual commodities, cryptoassets and other assets of essentially the same nature (together “digital assets” herein as commonly understood in the industry).
Rapid advances in automation have the potential to disrupt a number of sectors, perhaps none more so than the automobile industry. The U.S. Department of Transportation (DOT) has accordingly announced its intention to take “active steps to prepare for the future by engaging with new technologies to ensure safety without hampering innovation.” Most recently, on October 4, 2018, DOT issued Preparing for the Future of Transportation: Automated Vehicles 3.0 (AV 3.0), its third round of guidance on the topic. Like its 2017 predecessor, “Automated Driving Systems 2.0: A Vision for Safety,” AV 3.0 emphasizes the development of voluntary, consensus-based technical standards and approaches while noting that there are cross-cutting policy issues where federal leadership may be necessary. AV 3.0 also builds on its predecessors by emphasizing that it reflects the view of all of DOT’s operating administrations; by providing much more detailed guidance on the development and testing of automated vehicle technologies; and by announcing some specific regulatory steps DOT plans to take in the near future.
Companies with robust cybersecurity programs may still be vulnerable to attack. A new, first-of-its-kind law in Ohio now recognizes this fact. On November 1, 2018, the Ohio Data Protection Act (SB 220) establishes a safe harbor from state tort actions in data breach cases for entities that have developed an information security program with “administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to an industry recognized cybersecurity framework.” Without establishing minimum cybersecurity standards, the Ohio law affords defendants an “affirmative defense” against state tort actions and establishes an important precedent that may serve as a model for other states and the federal government to follow.
A string of Governmental announcements have increasingly sounded the alarm about the growing cybersecurity threat facing the energy sector. Among other things, these reports have announced that state-sponsored cyber actors have successfully gained access to the control rooms of utilities. The hackers, one of the reports notes, could have used such access to cause blackouts.
To receive email alerts when we post a blog entry, please provide your name and email address.