1. What has the Competition and Markets Authority (CMA) announced?
On January 27, The UK’s competition regulator, the CMA, has formally launched a market study into music streaming; see its Market Study Notice.
The market study will look at whether competition in the music streaming value chain is working well for consumers. It will focus on three key areas: competition among music companies; competition among music streaming services; and the impact on competition of agreements between music companies and music streaming services. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Patrick J. Harrisonhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngPatrick J. Harrison2022-01-31 11:08:442023-09-06 17:03:03The UK’s Competition and Markets Authority’s Music Streaming Market Study
On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint Cybersecurity Advisory warning critical infrastructure operators about the threat of Russian state-sponsored cyberattacks and recommended best practices to minimize disruption from such an attack (the “Advisory”).
The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Within a few days, data security experts at Microsoft, Palo Alto Networks (“PANW”), and Mandiant confirmed reports of increasing Russian cyberactivity and offered their own recommendations for hardening measures (many of which overlap with the Advisory). (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Vishnu Tirumalahttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngVishnu Tirumala2022-01-28 11:06:502024-05-02 16:53:34U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks
It seems there will be a packed agenda for EU and UK data protection this coming year. We set out below the 5 hot topics to watch in 2022 including expected legislative reforms, the most interesting cases to follow, and areas which are expected to continue to receive regulatory attention. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2022-01-27 10:35:112024-11-15 14:36:365 Key European Data Protection Trends for 2022
A Caremark-based claim against a board of directors alleging a failure to monitor corporate operations has been said to be “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” or at least to withstand a motion to dismiss. Yet, Caremark has taken on renewed importance following recent high-profile successes on duty-to-oversee claims, most notably in Marchand v. Barnhill in 2019 and In re Boeing in September 2021, and recent shareholder lawsuits alleging that data breach- and cybersecurity-related failures would have been preventable were it not for oversight failures by corporate officers and directors, are being plead asserting Caremark claims. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Robert S. Velevishttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRobert S. Velevis2022-01-26 11:26:462024-11-15 14:08:48Caremark’s Comeback Includes Potential Director Liability in Connection With Data Breaches
As data breaches become more common, increased public attention on privacy has led to a flurry of state-level activity on the issue. With a federal privacy bill languishing in Congress, the states have taken the lead. California, Colorado, and Virginia have all passed comprehensive privacy laws in the past three years. In 2021, an additional twenty-one states considered a comprehensive privacy bill.
Considering the serious risk of fragmentation that could arise from dozens of distinct privacy statutes, the Uniform Law Commission has proposed a model bill – the Uniform Personal Data Protection Act (“UPDPA”). The Uniform Law Commission’s model bills, such as the Uniform Commercial Code, are often influential in the development of state laws. The UPDPA will be available for states’ 2022 legislative sessions, with a billhaving already been introduced in the District of Columbia.
If adopted, the UPDPA offers a more business-friendly framework than many of the existing and proposed state privacy laws. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Vishnu Tirumalahttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngVishnu Tirumala2022-01-24 10:08:452023-09-06 17:05:14Uniform Law Commission Proposes “Reasonable” Uniform Personal Data Protection Act for State-by-State Adoption as Federal Privacy Bills Languish
On 29 November 2021, the Slovenian Presidency (the “Presidency”) of the European Council published its compromise text (“Compromise Text”) on the European Union’s (“EU”) draft Artificial Intelligence Act (“AI Act” or “Act”) alongside a progress report on the Act. While the overall structure of the AI Act and many of its key provisions (including, those relating to potential fines for non-compliance), remain the same, there are some significant proposed changes to the Act which we have noted below including, for example, a new Article on general purpose AI systems. (more…)
On December 17, 2021, the U.S. Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications. The firm agreed to pay a $125 million penalty and to retain a compliance consultant to conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices. In announcing this enforcement action, the SEC encouraged registrants to self-report similar failures to the SEC. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Lara C. Thyagarajanhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngLara C. Thyagarajan2022-01-12 09:18:112023-09-06 17:05:56SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications
*This article was first published by Law360 on January 3, 2022.
A recent discussion with Elizabeth Denham and Claudia Berg of the U.K. Information Commissioner’s Office provided ample food for thought on the direction in which data protection regulation both in the U.K. and internationally is headed, including key trends to watch for in data protection.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2022-01-11 09:10:522023-09-06 17:06:275 Global Data Protection Trends To Watch In 2022
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
The UK’s Competition and Markets Authority’s Music Streaming Market Study
1. What has the Competition and Markets Authority (CMA) announced?
On January 27, The UK’s competition regulator, the CMA, has formally launched a market study into music streaming; see its Market Study Notice.
The market study will look at whether competition in the music streaming value chain is working well for consumers. It will focus on three key areas: competition among music companies; competition among music streaming services; and the impact on competition of agreements between music companies and music streaming services. (more…)
Patrick J. Harrison
London
pharrison@sidley.com
Tom Bainbridge
Monika Zdzieborska
London
mzdzieborska@sidley.com
Ken Daly
Brussels
kdaly@sidley.com
U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks
On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint Cybersecurity Advisory warning critical infrastructure operators about the threat of Russian state-sponsored cyberattacks and recommended best practices to minimize disruption from such an attack (the “Advisory”).
The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Within a few days, data security experts at Microsoft, Palo Alto Networks (“PANW”), and Mandiant confirmed reports of increasing Russian cyberactivity and offered their own recommendations for hardening measures (many of which overlap with the Advisory). (more…)
Vishnu Tirumala
Washington, D.C.
vtirumala@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Sujit Raman
Stephen W. McInerney
Chicago
smcinerney@sidley.com
5 Key European Data Protection Trends for 2022
It seems there will be a packed agenda for EU and UK data protection this coming year. We set out below the 5 hot topics to watch in 2022 including expected legislative reforms, the most interesting cases to follow, and areas which are expected to continue to receive regulatory attention. (more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Subhalakshmi Kumar
Caremark’s Comeback Includes Potential Director Liability in Connection With Data Breaches
A Caremark-based claim against a board of directors alleging a failure to monitor corporate operations has been said to be “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” or at least to withstand a motion to dismiss. Yet, Caremark has taken on renewed importance following recent high-profile successes on duty-to-oversee claims, most notably in Marchand v. Barnhill in 2019 and In re Boeing in September 2021, and recent shareholder lawsuits alleging that data breach- and cybersecurity-related failures would have been preventable were it not for oversight failures by corporate officers and directors, are being plead asserting Caremark claims. (more…)
Robert S. Velevis
rvelevis@xxxxxx.com
Christina C. Koenig
Dallas
christina.koenig@sidley.com
Uniform Law Commission Proposes “Reasonable” Uniform Personal Data Protection Act for State-by-State Adoption as Federal Privacy Bills Languish
Introduction
As data breaches become more common, increased public attention on privacy has led to a flurry of state-level activity on the issue. With a federal privacy bill languishing in Congress, the states have taken the lead. California, Colorado, and Virginia have all passed comprehensive privacy laws in the past three years. In 2021, an additional twenty-one states considered a comprehensive privacy bill.
Considering the serious risk of fragmentation that could arise from dozens of distinct privacy statutes, the Uniform Law Commission has proposed a model bill – the Uniform Personal Data Protection Act (“UPDPA”). The Uniform Law Commission’s model bills, such as the Uniform Commercial Code, are often influential in the development of state laws. The UPDPA will be available for states’ 2022 legislative sessions, with a bill having already been introduced in the District of Columbia.
If adopted, the UPDPA offers a more business-friendly framework than many of the existing and proposed state privacy laws. (more…)
Vishnu Tirumala
Washington, D.C.
vtirumala@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Michele L. Aronson
Washington, D.C.
maronson@sidley.com
EU Council Publishes Changes to Artificial Intelligence Act Proposal
On 29 November 2021, the Slovenian Presidency (the “Presidency”) of the European Council published its compromise text (“Compromise Text”) on the European Union’s (“EU”) draft Artificial Intelligence Act (“AI Act” or “Act”) alongside a progress report on the Act. While the overall structure of the AI Act and many of its key provisions (including, those relating to potential fines for non-compliance), remain the same, there are some significant proposed changes to the Act which we have noted below including, for example, a new Article on general purpose AI systems. (more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Subhalakshmi Kumar
SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications
On December 17, 2021, the U.S. Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications. The firm agreed to pay a $125 million penalty and to retain a compliance consultant to conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices. In announcing this enforcement action, the SEC encouraged registrants to self-report similar failures to the SEC. (more…)
Lara C. Thyagarajan
New York
lthyagarajan@sidley.com
Ranah Esmaili
Washington, D.C.
resmaili@sidley.com
Stephen L. Cohen
Washington, D.C., Boston, ...
scohen@sidley.com
Barry W. Rashkover
Corin R. Swift
New York
corin.swift@sidley.com
5 Global Data Protection Trends To Watch In 2022
*This article was first published by Law360 on January 3, 2022.
A recent discussion with Elizabeth Denham and Claudia Berg of the U.K. Information Commissioner’s Office provided ample food for thought on the direction in which data protection regulation both in the U.K. and internationally is headed, including key trends to watch for in data protection.
View article.
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Upcoming Events
The Impacts of AI on the Power Sector and Related Regulatory Challenges
RSVP here.
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com