We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S. This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy.
The dynamism of the Technology, Media and Telecoms sector is set to continue.
Challengers can reach scale seemingly overnight, forcing market change at a similar speed. Established business models are upended, driving consolidation and restructuring. Regulators rush to respond, radically reshaping the environment.
These trends show no sign of slowing down. Continue Reading
Allison Holt Ryan
Please join the Hogan Lovells Privacy and Cybersecurity and Litigation teams on July 16th for our webinar, Cyberthreats in the Internet of Things. We will explore some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective. Continue Reading
On June 13, 2019, a new draft bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws—multiplying the maximum penalty under current law by a magnitude of 240—was submitted to the State Duma (the lower chamber of Russian Parliament). This would supplement existing fines, which we reported were previously increased in 2017. Continue Reading
Ruud van der Velden
On 2 July 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Protect Your Data!” This English-language seminar follows a popular Dutch-language edition of the seminar. Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets. Continue Reading
On 6 June, 2019, the Privacy Commissioner for Personal Data (the “PCPD“) issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “Cathay Pacific“) in respect of a data breach concerning unauthorized access to the personal data of some 9.4 million Cathay Pacific customers. Continue Reading
Please join the Hogan Lovells Privacy and Cybersecurity team and LexisNexis on June 19 for the webinar, Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies.
The California Consumer Privacy Act of 2018 (CCPA) has been described as groundbreaking, watershed, and unprecedented since its passage on June 28, 2018. As the first broad-based state law on consumers’ personal data in the U.S., this important legislation does indeed pose significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy. In this presentation, Hogan Lovells partners Mark Brennan and Bret Cohen will explore the impact of the CCPA including: Continue Reading
July is set to be a busy month in Luxembourg. On the first and second of the month, the General Court of the European Union (which is part of the Court of Justice of the European Union (CJEU)) will hear a case against the EU-U.S. Privacy Shield brought by three French NGOs, La Quadrature du Net, French Data Network and Fédération FDN. A week later, on 9 July, the CJEU will hear arguments in Schrems II, in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US. Continue Reading
On May 28, 2019, the Cyberspace Administration of China (“CAC“) released the draft Measures on the Administration of Data Security (“Data Security Measures” see our in-house English translation here) for public consultation. The Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces of legislation and standards, such as the Cyber Security Law, the E-Commerce Law, the Consumer Rights Protection Law as well as the Personal Information Security Specification (“Specification“), the most comprehensive yet non-binding national standard with respect to data protection. The Data Security Measures, once officially promulgated, will be the first binding administrative regulation in China to specifically and systematically set out explicit protection for personal data and important data collected and processed through the use of cyber technologies, following the effectiveness of the Cyber Security Law in 2017 (see our briefing here). Continue Reading
Nevada has a new privacy law. On May 29, Nevada Governor Steve Sisolak signed Senate Bill 220 (SB-220) into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. The act, which amends an existing online privacy notice law, is significantly narrower than the California Consumer Privacy Act (CCPA). It applies only to online activities, defines “consumer” and “sale” in a much more limited manner than the CCPA, and includes broad exceptions for financial institutions subject to the Gramm-Leach-Bliley Act, entities subject to the Health Insurance Portability and Accountability Act, and vehicle manufacturers and vehicle service and repair entities that collect covered information from vehicles through connected or subscription services. Continue Reading