Austin, Texas is renowned for its live music scene, clean air, college vibe … and of course its technology conferences. Two Hogan Lovells lawyers—Bret Cohen and Lisa Ellman—have made the list of finalists for panels at the South by Southwest group of conferences this upcoming March, to talk about Student Privacy and Domestic Drone Policy.
Don’t let the audience miss out on these presentations by voting for them at the links below. Continue Reading
Today, on 1 September, the Russian Data Localization Law came into force. So far there have been no unexpected developments or reports of any unplanned inspections by Roskomnadzor, the Russian Data Protection Authority. Existing planning documents, however, provide some predictability for organizations subject to the law about the schedule under which Roskomnadzor plans on conducting compliance inspections. Continue Reading
This article is not about morality but about an urgently-needed change in behaviour. For real and for good. The much talked-about saga involving the theft and subsequent publication of customer data from extramarital affairs website (what a surreal description!) Ashley Madison, has sparked many debates. Opinions have ranged from those who see this as a just punishment for the organised cheating industry to those who have ranked this hack as the most serious privacy violation since the invention of the Internet. The degree of sympathy for the victims has also been variable, but what appears to be a constant theme is the perception that this incident will have more dramatic consequences than any other cyber-attacks we have seen. Continue Reading
For the past several years, California’s Legislature has actively sought to regulate unmanned aerial systems (“UAS”), including, but not only, through privacy-related legislation.
In the 2014 session, one bill (AB 2306) passed and was signed by Governor Brown. It bans the use of UAS to capture images or record voices of people without their permission, and is widely regarded as an anti-paparazzi law, aimed at protecting the many celebrities – and their children – in California’s entertainment industry. However, the wording of the bill more broadly protects individuals’ privacy from visual or audio recording in a manner that is “offensive to a reasonable person … under circumstances in which the [person] had a reasonable expectation of privacy” if the recording could not have been made without either trespassing or using special equipment (such as a UAS). The bill is codified at California Civil Code section 1708.8.
In the 2015 session, the California Legislature introduced five more bills, covering a range of issues. Continue Reading
The Third Circuit affirmed the ruling of the district court, finding that the Third Circuit found that the FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the FTC Act and that neither the plain meaning of “unfairness” nor congressional action in the area of cybersecurity negate such authority. The Third Circuit also found that, to satisfy due process, a company need not have had “fair notice” of the FTC’s interpretation of what specific cybersecurity standards are required to avoid liability under the unfairness prong of § 45(a), but only “fair notice” that cybersecurity practices can form the basis of an unfair practice under § 45(a)—notice the court found to exist here. Continue Reading
The Organisation for Economic Co-operation and Development (OECD) has published its 2015 Digital Economy Outlook (“Report”), a survey of changes and opportunities in, and challenges arising from, the digital economy. The Report identifies three broad trends for member countries and their partners to focus on in digitising their economies: Continue Reading
The United States Court of Appeals for the Third Circuit’s much anticipated ruling in FTC v. Wyndham has now been released. The court affirmed the FTC’s authority under section 5 of the FTC Act to seek consent decrees or bring enforcement actions against companies that allegedly failed to put in place reasonable cybersecurity practices to protect consumer data. The court also affirmed the district court’s finding that the Federal Trade Commission provided sufficient “fair notice” to Wyndham regarding the cybersecurity practices the agency deems reasonable to avoid liability under the FTC Act. With this decision, the case will now move forward to the merits phase at the district court. A more detailed analysis of this decision will be posted here shortly.
For our previous blog post on FTC v. Wyndham, click here.
On August 12, the National Institute of Standards and Technology (NIST) published a Request for Information (RFI) to help develop the next generation of technical encryption standards used by the U.S. Government and federal contractors to protect sensitive information. The new standard will update Fair Information Processing Standard (FIPS) 140-2, which has provided the baseline requirements for the development, testing, and validation of cryptographic modules since 2001. While the RFI seeks input on several questions, NIST is primarily interested in the risks and benefits of transitioning—in whole or in part—to a competing standard developed by the International Standards Organization and International Electrotechnical Commission: ISO/IEC 19790:2012. Continue Reading
With the aim of keeping pace alongside European practice, on July 13th 2015, the Russian President signed into law a bill amending the Federal Law “On Information, information technologies and on protection of information” No. 149-FZ of 27 July 2006. This law (the “Law”) introduces in Russia the so-called “right to be forgotten” or “right to oblivion” and will take effect on January 1st 2016.
Under the Law, upon receiving a request from an individual, search engines must cease listing links to Internet pages with information on the individual where such information is:
- unlawfully disseminated;
- outdated; or
- irrelevant (i.e. it has lost its importance to the individual due to subsequent events or actions of the individual).