Data: A New Direction or Misdirection? ICO Responds to UK Government Consultation on Its Proposed New Data Protection Regime

On 7 October 2021, the Information Commissioner’s Office (“ICO”) published its response to the UK government’s consultation entitled “Data: A new direction”. The consultation, which sets out the proposals of the Department for Digital, Culture, Media & Sport (“DCMS”), promised far-reaching reforms to the UK data protection regime with an emphasis on capturing the power of data to drive economic growth and innovation. The DCMS’s proposals marked a significant moment for UK data protection law, and as such Sidley was pleased to host a Chatham House Rule discussion about this important consultation on 15 September 2021 with Joe Jones, Deputy Director, International Data Transfers at the DCMS. We hope that interested readers may have attended our discussion with Deputy Director Jones.

Governance of Data Innovation: Risks and Rewards for Business – Key Takeaways from our Discussion with the UK Information Commissioner’s Office

On September 21, 2021, Sidley partners Alan Raul and William Long engaged in a fireside chat with Elizabeth Denham and Claudia Berg of the United Kingdom (UK) Information Commissioner’s Office (ICO). Elizabeth Denham is due to end her five-year tenure as UK Information Commissioner on October 31, 2021. Claudia Berg is the ICO’s General Counsel. The webinar entitled “Governance of Data Innovation: Risks and Rewards for Business” touched on the crucial issues in data protection and cyberlaw including the future of international data transfers, emerging technologies, and Brexit. Please see below our “10 Key Takeaways” from this fascinating and timely discussion.

National AI Strategy: The UK Government Publishes Its Artificial Intelligence Strategy for the Next Decade

On 22 September 2021, the UK Government (the “Government”) published its Artificial Intelligence (“AI”) strategy. The paper outlines the Government’s plan to make Britain a “global superpower” in the AI arena, and sets out an agenda to build the most “pro-innovation regulatory environment in the world”. This post highlights some of the key elements from the UK AI strategy. Significantly, the UK’s proposed approach may diverge in some respects from the EU’s GDPR. For example, the UK strategy includes consideration of whether to drop Article 22’s restrictions on automated decision-making, and whether to maintain the UK’s current sectoral approach to AI regulation. The UK will publish a White Paper on regulating AI in early 2022, which will provide a basis for further consultation and discussion with interested or affected groups before draft legislation is formally presented to the UK Parliament.

FTC Issues Civil Penalty Notice to 700 Companies Regarding Endorsements and Reviews

The U.S. Federal Trade Commission (FTC) on October 13 published a Notice of Penalty Offenses advising more than 700 companies that they could incur significant civil penalties if they use endorsements in ways that run counter to the FTC’s guidance. The FTC, in its own words, “blanket[ed] industry” with these notices to send a “clear message” that companies cannot use “fake reviews and other forms of deceptive endorsements” to “cheat consumers and undercut honest businesses.”

How to Mitigate Corporate Risk and Respond to Crises

Recent events have given the term “corporate crisis” a whole new meaning. From cyberattacks and pandemic disruptions to political divisions and tweets that go viral, companies are being challenged in ways they never have before. How should they respond in a fast-moving crisis?

The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “Advisory”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against the group’s attacks. This Advisory is especially notable because it is an example of the type of information sharing promised by the Biden administration, which includes technical details about the Conti group’s TTPs. It also heralds the launch of a new website: StopRansomware.gov.

Data Breaches are More Expensive than Last Year, New IBM Security Report Finds

Death, taxes and data breaches. Cybersecurity incidents have grown in frequency, scale and seriousness. As articulated in President Biden’s May 2021 Executive Order, Improving the Nation’s Cybersecurity, “[t]he United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” These threats impose direct costs on victims, and these costs have also grown exponentially in recent years, as readers of the famed annual Ponemon data breach report well know. This year’s report is out, and confirms the continuation of a troubling trend.

SEC Fines Alternative Data Provider for Securities Fraud

On September 14, 2021, the U.S. Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities.

The Burden of Privacy In Discovery

*This article first appeared on Judicature in Summer 2021

With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. But what about other contexts? Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure 26(b)?

In this essay, Robert D. Keeling and Ray Mangum, a partner and associate, respectively, at Sidley Austin LLP, argue that privacy should be considered a burden under Rule 26(b).

Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon

This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This year’s event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and Privacy and the Pandemic. Welcoming attendees and kicking off the event, Commissioner Rebecca Kelly Slaughter called for minimization of data abuses and for a move away from the notice and consent model of privacy in favor of data minimization. PrivacyCon topics are selected by the FTC and are often seen as an indication of enforcement priorities.