Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Now Available: CCPA Update (Webinar Materials)

Mark Brennan

Tim Tobin

 

 

 

 

 

 

 

With the California Consumer Privacy Act’s (CCPA) effective date fast approaching on January 1, 2020 and the California Attorney General’s CCPA rule-making still pending, covered businesses have important decisions to make in the very near future. In this webinar discussion from November 14, Hogan Lovells Privacy and Cybersecurity partners Mark Brennan and Tim Tobin discussed how the CCPA changes enacted over the past year and the proposed regulations may impact your compliance efforts.

The webinar can be viewed on demand here, and the slides can be downloaded here.

Posted in International/EU Privacy

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments to the existing Directive 2002/58/EC (‘e-Privacy Directive’), including to the provisions regulating the use of cookies. Continue Reading

Posted in International/EU Privacy

Russia Update: Law Increasing Fines for Violation of Data Protection Laws Comes Into Force

Update: On 3 December 2019 the law imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws has come into force. We have retained below our earlier update about the law for informational purposes and to provide context. Since the law has already come into force, new fines may be imposed on companies based on results of the Russian DPA’s (Roskomnadzor) inspections in 2020. Roskomnadzor has already identified the entities it plans to inspect in 2020 but may initiate unplanned inspections as well based, for example, on data subject complaints or its online monitoring of company activity.

On 21 November 2019 a bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws passed the last hearing at the State Duma. This likely means that the bill will become the law soon, once it passes the higher chamber of Russia’s Parliament and is singed by the Russian President. The process may take about two weeks. Continue Reading

Posted in International/EU Privacy

Hogan Lovells Calls for an Alternative Approach to Regulating Privacy in the Digital Economy

Hogan Lovells has published a study evaluating the ongoing legislative proposal for a new ePrivacy Regulation, a law aimed at updating the current ePrivacy framework in the EU.

After nearly three years of debates and negotiations, the European Union is nowhere near agreeing on a position for how to achieve the right balance between the need for technological innovation, public security, and the protection of privacy in the context of the digital economy. According to Hogan Lovells, this is due to the structure and legislative approach of the proposed ePrivacy Regulation, which, rather than complementing the GDPR as originally intended, is in some fundamental respects in conflict with it. Continue Reading

Posted in International/EU Privacy

The grand “finale” of China’s Encryption Law

Two years on since the first draft, the final act of the legislative passage saga of the long-awaited People’s Republic of China Encryption Law ended with its passage on 26 October 2019. It will take effect on 1 January 2020.

The final text of the Encryption Law clearly represents a step in the right direction in terms of putting in place a comprehensive law in the encryption field, a sensitive and highly regulated area which China closely associates with state secrecy, and which historically has caused foreign investors great confusion with its strange mix of legislation that said one thing and policies that said another. Continue Reading

Posted in International/EU Privacy

Spanish DPA on Use of Cookies: Continued Browsing is Consent

On November 8, the Spanish data protection authority (AEPD) published new Guidelines on the Use of Cookies (Guidelines) (Spanish only). The Guidelines have been prepared in collaboration with different organisations in the marketing and online advertising industries (e.g., Adigital, Iab Spain, etc.), and aim to provide some direction on the use of cookies and similar technologies (e.g., local shared objects or flash cookies, web beacons or bugs, fingerprinting techniques, etc.) in compliance with information society services laws and regulations. Continue Reading

Posted in News & Events

Webinar Invitation — California Consumer Privacy Act (CCPA) Update

Mark Brennan

Tim Tobin

 

 

 

 

 

 

 

With the effective date for the California Consumer Privacy Act (CCPA) fast approaching on January 1, 2020 and the Attorney General’s CCPA rulemaking still pending, covered businesses have important decisions to make in the very near future.

Join us for a webinar discussion with Hogan Lovells Privacy and Cybersecurity partners Mark Brennan and Tim Tobin of how the CCPA changes enacted over the past year and the California Attorney General’s proposed regulations may impact your compliance efforts. This program will expand on Mark and Bret Cohen‘s webinar discussion from June 2019 titled Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies, (available here), which discussed the impact of the CCPA, key definitions, how to determine whether businesses are covered, how to account for opt-outs from sales to third parties, the content and timing of CCPA notices, how to apply the CCPA’s exceptions, and more. Continue Reading

Posted in Cybersecurity & Data Breaches

Lessons for In-House Counsel from Cybersecurity’s Front Lines

Recent developments reinforce the urgent need for general counsel and legal departments to deepen their focus on cybersecurity. In today’s environment, any organization can be the target of a cyberattack, regardless of industry, size, or geographic footprint. Indeed, in just the past few years, a variety of cyber adversaries have attacked financial institutions, social media sites, a movie studio, hospital systems, a peer-to-peer ridesharing company, the Democratic National Committee, hotel chains, city governments, educational institutions, telecommunications and energy utilities, prominent retailers, manufacturers, and even the mobile app of a well-known coffee and donut chain.

Lessons for In-House Counsel from Cybersecurity’s Front Lines was written by members of the Hogan Lovells Privacy and Cybersecurity practice Peter M. Marta and Asmaa Awad-Farid for Bloomberg Law.

To read the full article, click here.

Posted in International/EU Privacy

Spanish DPA Publishes Guide for Satisfying PbD Obligation

On October 17, the Spanish data protection authority (AEPD) published the Guide to Privacy by Design (Guide). While Privacy by Design (PbD) first became a legal requirement in the EU with implementation of the General Data Protection Regulation (GDPR), it is a well-known concept among privacy professionals that dates back to the 1990s.

PbD should be construed as “the need to consider privacy and the principles of data protection from the inception of any type of processing.” It is a concept focused on risk management and accountability that aims to incorporate privacy protections throughout the life cycle of systems, services, products, and processes. It involves the application of measures for privacy protection among all business processes and practices associated with personal data. Continue Reading

Posted in News & Events

Now Available: CCPA Draft Regulations – What You Need to Know (Webinar Materials)

Tim Tobin

Melissa Bianchi

Mark Brennan

Bret Cohen

Scott Loughlin

 

 

 

 

 

 

 

 

 

 

 

On October 17, 2019, the Hogan Lovells Privacy and Cybersecurity team discussed key elements of the California Attorney General’s proposed regulations implementing certain provisions of the California Consumer Privacy Act (CCPA). (See our coverage of the proposed regulations, here.)

While the proposed regulations may change, including based on public input, they provide valuable signals of how the California Attorney General may ultimately approach a wide array of CCPA requirements.

The Hogan Lovells team discussed the proposed requirements and how they would impact privacy notices, individual rights, financial incentive programs, and contracting strategies. We also discussed steps you can take to develop reasonable and defensible CCPA compliance strategies by January 1, 2020, along with several areas where businesses may want to provide comments to the Attorney General based on practical business realities.

Continue Reading