The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech
As regulators around the world fiercely debate new ways to oversee competition in the digital sector, the EU is on the brink of formally approving a landmark new law. The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.
Once it comes into force, the DMA is set to revolutionize the way in which so-called Big Tech is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. Given the far-reaching nature of the DMA obligations, their effects will likely be felt globally.
There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. (more…)
Data Matters: The Declaration for the Future of the Internet
On April 28, 2022, the White House announced, in partnership with 60 global partners, the launch of the Declaration for the Future of the Internet, also known as the “DFI.”
According to the White House briefing, the Declaration sets forth the shared principles regarding how parties should comport themselves with respect to the Internet, the digital ecosystem, and the digital economy. The Declaration affirms that the signatories are committed to defending the Internet, to governing it by a multi-stakeholder approach, and to promoting an open, free, global, interoperable, reliable, and secure Internet for the world. The State Department’s newly formed Bureau of Cyberspace and Digital Policy put out a nearly identical statement. (more…)
EU Data Governance Act – Edging Closer to a European Single Market for Data
On 6 April 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote the availability of data and increase trust in data sharing across sectors in the EU. Some of the key objectives of the new legislation include enabling the re-use of certain categories of protected public sector data and making it easier and safer for citizens and businesses to share their data with relevant stakeholders. (more…)
Privacy by Design and Data Minimisation
*This article was first published by Global Data Review in March 2022.
“Privacy by design” refers to the practice of integrating and embedding privacy and data protection into the development and implementation of information technology systems, business practices and policies, and products and applications. (more…)
Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?
The concept of “important data” is a cornerstone of China’s data regulatory regime. The Cyber Security Law (2017) (the CSL) prohibits operators of critical information infrastructures (CIIs) from transferring their “important data” and personal information outside of China. The Data Security Law (2021) (the DSL) and some recent draft regulations indicate that the prohibition on exports of “important data” is likely to apply to all companies, whether CII operators or not.
Then, what are “important data”? (more…)
Third Time’s a Charm? Privacy Shield Agreement Reached In Principle
The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring personal data from the EU to the U.S. This is a welcome announcement for companies that have been dealing with the legal uncertainty of such data flows following the Schrems II decision in July 2020, which invalidated the EU-U.S. Privacy Shield 1.0 for international transfers of personal data.
Data Protection in Financial Services Week 2022
WEBINAR
From February 28-March 3, Sidley and OneTrust DataGuidance hosted their annual Data Protection in Financial Services (DPFS) Week, a series of webinars looking at the impacts of data privacy across the financial sector. Industry speakers covered a range of issues including:
- How the latest privacy and cybersecurity developments in Europe and the U.S. have impacted financial services
- How new and existing privacy and cyber requirements intersect with finance-specific regulation
- What financial organizations can do to keep ahead of the curve in the ever-evolving data privacy and cyber landscape
- How to deal with and manage the key issues for 2022, such as AI, data governance, and international transfers
Trying to Tackle Big Data: European Union Launches Draft Data Act
On 23 February 2022, the European Commission (Commission) proposed a draft of a regulation on harmonised rules on fair access to and use of data – also known as the Data Act. The Data Act is intended to “ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all”.
If adopted in its current form, the new rules will impose far-reaching obligations on tech companies (such as manufacturers of connected products and cloud service providers) and give national authorities new enforcement powers to sanction infringements with fines of up to EUR 20 million or 4% of annual global revenue, whichever is higher. (more…)
U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks
On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint Cybersecurity Advisory warning critical infrastructure operators about the threat of Russian state-sponsored cyberattacks and recommended best practices to minimize disruption from such an attack (the “Advisory”).
The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Within a few days, data security experts at Microsoft, Palo Alto Networks (“PANW”), and Mandiant confirmed reports of increasing Russian cyberactivity and offered their own recommendations for hardening measures (many of which overlap with the Advisory). (more…)
5 Key European Data Protection Trends for 2022
It seems there will be a packed agenda for EU and UK data protection this coming year. We set out below the 5 hot topics to watch in 2022 including expected legislative reforms, the most interesting cases to follow, and areas which are expected to continue to receive regulatory attention. (more…)
