Substantial Changes to Hong Kong’s Privacy Laws Coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

(more…)

Unpacking Digital Data Laws Across Europe: Addressing the Digital Markets Act

The EU Digital Markets Act (DMA) is set to revolutionize the way in which so-called ‘Big Tech’ is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. The DMA imposes a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and gives the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.

(more…)

EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management

On 17 January 2023, the new Network and Information Systems Security Directive (“NIS2 Directive”), which is aimed at establishing a minimum level of cybersecurity standards across the EU and is set to replace its predecessor (the NIS or “NIS1 Directive), entered into force. The new NIS2 Directive aims to further harmonize and strengthen cybersecurity and resilience throughout the EU in response to a continued increase in digitization and rise in cyber (and in particular ransomware) threats – which is estimated to have reached a total cost of €5.5 trillion at the end of 2020 (double the figure of 2015) and continues to rise in the EU and globally notably due to ongoing geopolitical conflicts in Ukraine and Russia. (more…)

European Commission Publishes Draft Cyber Resilience Act

On 15 September 2022, the European Commission (“Commission” or “EC”) published a draft proposal for a Cyber Resilience Act (“CRA” ). The CRA comes in response to the increasingly common occurrence of cyberattacks, with some predicting that the global cost of cyberattacks for companies will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. The CRA promises to transform the European cybersecurity landscape by harmonizing and bolstering cybersecurity rules across all technologies with “digital elements.” The Commission is currently inviting public feedback on the CRA through 18 November 2022. The CRA will then pass through the European Parliament for debate and for amendments to be proposed.

(more…)

Regulatory Update: NAIC Summer 2022 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Summer 2022 National Meeting (Summer Meeting) August 9–13, 2022. This post summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include a proposal for a new consumer privacy protections model law, continued discussion of considerations related to private equity ownership of insurers, continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, and initiatives to address climate risks in the insurance sector.

(more…)

Big California Privacy News: Legislative and Enforcement Updates

Privacy never sleeps in California.  In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country.  For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could require significant investments of time and resources.  The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law.  (more…)

Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law.  Kentucky Governor Andy Beshear signed House Bill 474 into law, and Maryland Governor Larry Hogan signed SB 207. (more…)

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023.  The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide a mechanism for consumers to revoke their consent to the processing of their data. (more…)

UK Consults on Algorithmic Processing

Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)

Data Regulation Ramps Up in Europe: DMA, DSA, and the UK Online Safety Bill

Location
WEBINAR
REGISTER HERE
11:00 a.m. ET | 4:00 p.m. BST | 5:00 p.m. CET

Date
Wednesday, June 8, 2022

Since the EU announced its Digital and Data Strategy in February 2020, the European Commission has released several legislative proposals to regulate digital platforms and services, including with respect to access and the use of data. Included within the proposals are the Digital Markets Act (DMA) and the Digital Services Act (DSA).

(more…)