French CNIL Publishes Draft Guidance on Cookie Consent

On January 14, 2020, the French data protection authority, the CNIL, proposed a consultation on its draft recommendations on practical ways to collect website user consent for cookies and similar technologies (the “Recommendations”). The Recommendations follow the publication in July 2019 of updated guidance on cookies, including requirements for obtaining GDPR-standard consent, by various European data protection authorities, including the CNIL and the ICO (the latter guidance was reported by Data Matters here). The CNIL has since undertaken a consultation to develop practical methods to obtain user consent.


A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

Just as companies were starting to recover from their exertions to put in place California Consumer Privacy Act (“CCPA”) compliance programs before the law’s January 1, 2020 entry into force, the California Attorney General (“AG”) provided an early February surprise.  CCPA watchers long expected that the AG would revise the CCPA regulations he initially proposed on October 10, 2019.  But when the AG actually released his proposed regulations on February 7 – a proposal he subsequently modified slightly on February 10 – both the timing and breadth of the revisions were surprising.  In short, the revisions were both sooner and more significant than expected.


UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

On 8 January 2020, the UK’s Information Commissioner’s Office (ICO) published a draft Direct Marketing Code of Practice (Draft Code) for public consultation. The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues.

Summarised below are the key takeaways from the Draft Code:


Retail Privacy Network

You are invited to join privacy professionals in the retail sector for topical conversation, learning and networking at the first Retail Privacy Network meeting.

This interactive meeting will include hot topics in UK/EU data privacy and cybersecurity with practical case studies on retail industry issues.

The agenda will include discussions on:

  • Lessons learned from GDPR enforcement actions and update on cookies
  • Erasure and back-ups
  • Use of biometrics (including facial recognition technology)
  • Adtech, real-time bidding and valid consent


SEC Publishes Cybersecurity and Resiliency Observations Report

The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a report on Cybersecurity and Resiliency Observations based on practices seen in prior exams.  OCIE published the overview of practices to help market participants when considering “how to enhance cybersecurity preparedness and operational resiliency,” while acknowledging that there is not a “one-size fits all” approach.  The report links cybersecurity to resiliency and business continuity planning, explicitly merging two concepts on which the OCIE has previously focused into a single topic.


NIST Releases Version 1.0 of Privacy Framework to Help Organizations Manage Privacy Risks and Improve Protection of Personal Data

With issues around the collection and handling of personal data becoming the focus of increased scrutiny among regulators, policymakers, and consumers, interest has continued to grow among organizations to better understand and address privacy risk.  Seeking to support innovation in the market and to accommodate the increasingly global nature of data processing ecosystems, the National Institute of Standards and Technology (“NIST”) released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“NIST Privacy Framework”) on January 16, 2020.  The recent publication aims to outline an adaptable approach to privacy risk for organizations of all sizes by providing a “framework for privacy management, not just a checklist of tasks.”

The NIST Privacy Framework is a voluntary tool intended to assist organizations in managing privacy risks that may arise due to system, product, or service operations that involve personal data, or in connection with new regulatory regimes such as the California Consumer Privacy Act (“CCPA”) and the European Union’s General Data Protection Regulation (“GDPR”). As noted in the Executive Summary, the NIST Privacy Framework is intended to “enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy.” Notably, the Federal Trade Commission (“FTC”), recognized by many as the U.S. government’s top privacy watchdog, had applauded the preliminary draft of the NIST Privacy Framework in Fall 2019 – indicating that the finalized publication could potentially serve as a credible benchmark for organizations seeking to address privacy risk across the data processing lifecycle.


Highest European Court Confirms: No Presumption of Confidentiality Over Documents Submitted in Marketing Authorization Dossier

On January 22, 2020, the Court of Justice of the European Union (CJEU) found that there is not a general presumption of confidentiality over documents containing clinical and preclinical data provided to the European Medicines Agency (EMA) to support a marketing authorization application. However, the CJEU indicated that certain information may be protected if the interested party can specifically show that the disclosure will cause it harm. This is the first time the CJEU has ruled on this matter, upholding the EMA’s approach to handling access to documents requests.
