On July 30, 2024, New York Attorney General Letitia James announced website privacy guides for New York consumers and businesses. The guides, a business-focused Business Guide to Website Privacy Controls and a consumer-focused Consumer Guide to Tracking on the Web, are available on the Office of the New York State Attorney General’s (the “OAG’s”) website. The Business Guide to Website Privacy Controls is instructive for businesses operating websites available in the state. The OAG’s announcement is made amid increasing regulatory scrutiny, including by the FTC, as well as increased litigation centered on the use of online tracking technologies.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-07.jpg607833Colleen T. Brownhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngColleen T. Brown2024-08-13 09:04:082026-01-23 12:23:09New York Attorney General Publishes Guide to Avoid “Key Mistakes” Regarding Online Tracking Technologies
On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024. On 13 June 2024, the Council issued a press release detailing its agreed common Member States’ position that maintains the general thrust of the original proposed reforms, but which seeks to: (i) introduce clearer timelines; (ii) improve efficiency of cooperation; and (iii) provide an early resolution mechanism.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2024-08-12 09:33:582024-08-12 09:33:58EU Governments Sign-off Proposed Reforms to GDPR Procedural Rules and Council Reaches Common Member States’ Position
During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential digital services than ever before are protected.” According to the briefing notes, the Cyber Security and Resilience Bill intends to address the concern that the UK has not kept up-to-date with recent legislative advancements made by the EU in the cybersecurity space, resulting in the UK being “comparably more vulnerable.” Although the form of the proposed Cyber Security and Resilience Bill has yet to be released, the UK Government has indicated that it plans to introduce the bill in the coming months.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-15.jpg607834William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2024-08-09 09:38:232024-08-09 09:38:23UK proposes New Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences
In July 2024, Malaysia’s legislative body approved significant changes to the country’s Personal Data Protection Act. The changes have the effect of aligning Malaysia’s personal data protection laws more closely with international data protection laws. The effective date and other implementation guidelines are expected to follow closely.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Yuet Ming Thamhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngYuet Ming Tham2024-08-07 10:10:572024-08-07 10:12:34Important Changes to Malaysia’s Data Protection Laws
On July 23, 2024, the competition authorities of the EU, the UK, and the U.S. issued a joint statement on competition in generative artificial intelligence (AI) foundation models and AI products (Joint Statement). Since the emergence of generative AI, each of the authorities has been individually ramping up its work in order to understand better the potential risks to competition that AI may pose. The Joint Statement may herald a more joined-up global approach with respect to scrutiny of competition in AI.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-10.jpg607834Ken Dalyhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngKen Daly2024-07-31 10:31:542024-07-31 10:37:37Artificial Intelligence Tops Agenda for Global Competition Authorities: EU, UK, and U.S. Issue Joint Statement
As Section 230 of the 1996 Communications Decency Act nears its 30th year since enactment, debate rages on in Congress and in the public as to whether and how it should be changed or perhaps scrapped altogether.
The protection of minors online continues to be a focus for EU regulators. Following the publication last year by the European Parliament of its guidelines on online age verification methods for children, the European Commission has recently announced it will be holding a dedicated stakeholder workshop in September 2024 to discuss guidelines for age verification and protecting minors. Whilst the issue has been flagged as a priority by the European Data Protection Board (“EDPB”) and we are seeing an increase in guidelines and (in some cases) laws addressing the issue at a national Member State level, this is also a focus of the new EU Digital Services Act (“DSA”).
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-04-1.jpg607833William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2024-07-26 13:10:082024-07-26 13:10:08Heightened Focus in the EU for the Protection of Minors Online
On June 20, 2024, the U.S. Department of Commerce (Commerce) Office of Information and Communications Technology and Services (OICTS) published a first-of-its-kind Final Determination against Kaspersky Lab, Inc., prohibiting the provision of its antivirus software and cybersecurity products in the United States or to U.S. persons. This Final Determination provides new insights into OICTS review of information and communications technology and services (ICTS) transactions and the prohibitions or restrictions that may result. The full text of the Final Determination is available here. OICTS also provides additional guidance on the new prohibition here.
New York Attorney General Publishes Guide to Avoid “Key Mistakes” Regarding Online Tracking Technologies
On July 30, 2024, New York Attorney General Letitia James announced website privacy guides for New York consumers and businesses. The guides, a business-focused Business Guide to Website Privacy Controls and a consumer-focused Consumer Guide to Tracking on the Web, are available on the Office of the New York State Attorney General’s (the “OAG’s”) website. The Business Guide to Website Privacy Controls is instructive for businesses operating websites available in the state. The OAG’s announcement is made amid increasing regulatory scrutiny, including by the FTC, as well as increased litigation centered on the use of online tracking technologies.
(more…)
Colleen T. Brown
Washington, D.C.
ctbrown@sidley.com
Mitchell Noordyke
Chicago
mnoordyke@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
EU Governments Sign-off Proposed Reforms to GDPR Procedural Rules and Council Reaches Common Member States’ Position
On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024. On 13 June 2024, the Council issued a press release detailing its agreed common Member States’ position that maintains the general thrust of the original proposed reforms, but which seeks to: (i) introduce clearer timelines; (ii) improve efficiency of cooperation; and (iii) provide an early resolution mechanism.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Arthur Clover
Trainee Solicitor
aclover@sidley.com
UK proposes New Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences
During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential digital services than ever before are protected.” According to the briefing notes, the Cyber Security and Resilience Bill intends to address the concern that the UK has not kept up-to-date with recent legislative advancements made by the EU in the cybersecurity space, resulting in the UK being “comparably more vulnerable.” Although the form of the proposed Cyber Security and Resilience Bill has yet to be released, the UK Government has indicated that it plans to introduce the bill in the coming months.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Denise Kara
Important Changes to Malaysia’s Data Protection Laws
In July 2024, Malaysia’s legislative body approved significant changes to the country’s Personal Data Protection Act. The changes have the effect of aligning Malaysia’s personal data protection laws more closely with international data protection laws. The effective date and other implementation guidelines are expected to follow closely.
(more…)
Yuet Ming Tham
Singapore, Hong Kong
ytham@sidley.com
Shu Min Ho
Singapore
shumin.ho@sidley.com
Margaret Huang
Singapore
margaret.huang@sidley.com
Artificial Intelligence Tops Agenda for Global Competition Authorities: EU, UK, and U.S. Issue Joint Statement
On July 23, 2024, the competition authorities of the EU, the UK, and the U.S. issued a joint statement on competition in generative artificial intelligence (AI) foundation models and AI products (Joint Statement). Since the emergence of generative AI, each of the authorities has been individually ramping up its work in order to understand better the potential risks to competition that AI may pose. The Joint Statement may herald a more joined-up global approach with respect to scrutiny of competition in AI.
(more…)
Ken Daly
Brussels
kdaly@sidley.com
Patrick J. Harrison
London
pharrison@sidley.com
Monika Zdzieborska
London
mzdzieborska@sidley.com
Fiona Shajko
London
fshajko@sidley.com
Section 230’s Original Intent Offers Touchstone for Online Safety
As Section 230 of the 1996 Communications Decency Act nears its 30th year since enactment, debate rages on in Congress and in the public as to whether and how it should be changed or perhaps scrapped altogether.
(more…)
Randi Singer
New York, Palo Alto
randi.singer@sidley.com
Liz Mclean
New York
elizabeth.mclean@sidley.com
Heightened Focus in the EU for the Protection of Minors Online
The protection of minors online continues to be a focus for EU regulators. Following the publication last year by the European Parliament of its guidelines on online age verification methods for children, the European Commission has recently announced it will be holding a dedicated stakeholder workshop in September 2024 to discuss guidelines for age verification and protecting minors. Whilst the issue has been flagged as a priority by the European Data Protection Board (“EDPB”) and we are seeing an increase in guidelines and (in some cases) laws addressing the issue at a national Member State level, this is also a focus of the new EU Digital Services Act (“DSA”).
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
U.S. Commerce Department Issues First-of-Its-Kind Determination Banning Certain Software Products and Services
On June 20, 2024, the U.S. Department of Commerce (Commerce) Office of Information and Communications Technology and Services (OICTS) published a first-of-its-kind Final Determination against Kaspersky Lab, Inc., prohibiting the provision of its antivirus software and cybersecurity products in the United States or to U.S. persons. This Final Determination provides new insights into OICTS review of information and communications technology and services (ICTS) transactions and the prohibitions or restrictions that may result. The full text of the Final Determination is available here. OICTS also provides additional guidance on the new prohibition here.
(more…)
Jen Fernandez
Washington, D.C.
jen.fernandez@sidley.com
James Mendenhall
Washington, D.C.
jmendenhall@sidley.com
Heather Hedges
Upcoming Events
Resources