Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Time to Take Notice: ICO to Impose Record Fine for Data Security Breach

On 8 July 2019, the UK data protection authority (Information Commissioner’s Office; ICO) issued a notice of its intention to fine British Airways (BA) GBP 183.39 million (approx. USD 229.46 million) for infringements of the General Data Protection Regulation (GDPR).

The proposed fine relates to a data breach in which personal data of approximately 500,000 customers were compromised. The incident (reported to the ICO in September 2018) involved user traffic to the BA website being diverted to a fraudulent site where customer details were harvested by attackers. Following an “extensive investigation,” the ICO found that customer data was compromised by “poor security arrangements at the company.” Continue Reading

Posted in International/EU Privacy

The French Data Protection Authority Gets Ahead of the Game With New Rules on Cookie Consent Before the ePrivacy Regulation Reaches its Final Draft

The French Data Protection Authority (the CNIL) has made targeted online advertising a priority topic in its 2019-2020 agenda and has changed its position on cookie consent. Although the ePrivacy Regulation is still being debated by EU legislators and is far from being finalised, the CNIL has withdrawn its 2013 cookie recommendation and announced  that it will publish new guidelines (announcements are available in English on the CNIL’s website here and here). These explicitly rule out the use of implied or “soft” consent to place cookies on users’ devices. Continue Reading

Posted in International/EU Privacy

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.  The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Since the EU legislators shocked the internet world a decade ago by changing the legal requirement for the use of cookies and similar technologies from “notice and opt-out” to “notice and consent”, many businesses have struggled to find a way to balance the expectations of the regulators with the effective functioning of their services without disrupting the experience of those that use them.  The ICO’s new cookie consent guidance may help with taking a view on how to address the obligations in practice, but it also contains some robust views which will likely cause those who have taken steps to address the cookies rules already to re-think them. Continue Reading

Posted in News & Events

Privacy and Cybersecurity July 2019 Events

Please join us for our July 2019 events.

July 4
Making Privacy Actionable
Eduardo Ustaran and Nicola Fulford are hosting the IAPP London KnowledgeNet which will discuss, “Making Privacy Actionable: Working with the Chief Data Officer.”
Location: London

 

July 5-8
Privacy at the Aspen Institute
Harriet Pearson will lead a seminar on “What is Privacy and How Do We Protect It?,” at the Aspen Institute’s Socrates Program.
Location: Aspen, Colorado

 

July 11
#DataDoneRight
Mark Brennan will provide insights on the FCC’s TCPA-related actions and prospects for robocall legislation in Congress on the panel, “Landmark Debt Collection Policymaking in Washington, D.C.,” at the ACA International Annual Convention & Expo.
Location: Washington, D.C.

 

Continue Reading

Posted in Consumer Privacy

U.S. Supreme Court Sidesteps Important TCPA Deference Issues

On June 20, 2019, the Supreme Court released its long-awaited decision in PDR v. Carlton & Harris Chiropractic. The Court was expected to provide greater clarity about the extent to which litigants can challenge the Federal Communications Commission’s (FCC) Telephone Consumer Protection Act (TCPA) interpretations in private litigation. Instead of deciding that issue, however, the Court vacated the Fourth Circuit’s ruling and remanded the case for further development. How the Fourth Circuit rules on remand may ultimately provide more insight on how much deference is owed to the FCC’s TCPA interpretations. Continue Reading

Posted in News & Events

Now Available: Webinar – Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies

Bret Cohen

Mark Brennan

 

 

 

 

 

 

We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S.  This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy.
Continue Reading

Posted in Consumer Privacy

TMT Horizons 2019

The dynamism of the Technology, Media and Telecoms sector is set to continue.

Challengers can reach scale seemingly overnight, forcing market change at a similar speed. Established business models are upended, driving consolidation and restructuring. Regulators rush to respond, radically reshaping the environment.

These trends show no sign of slowing down. Continue Reading

Posted in News & Events

Webinar Invitation — Cyberthreats in the Internet of Things

Allison Holt Ryan

Paul Otto

Nathan Salminen

 

 

 

 

 

 

Please join the Hogan Lovells Privacy and Cybersecurity and Litigation teams on July 16th for our webinar, Cyberthreats in the Internet of Things. We will explore some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective. Continue Reading

Posted in International/EU Privacy

New Bill Imposing Increased Fines for Violations of Russian Data Protection Laws Under Consideration

On June 13, 2019, a new draft bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws—multiplying the maximum penalty under current law by a magnitude of 240—was submitted to the State Duma (the lower chamber of Russian Parliament). This would supplement existing fines, which we reported were previously increased in 2017. Continue Reading

Posted in News & Events

Amsterdam Seminar: Protect Your Data! (English)

Joke Bodewits

Ruud van der Velden

 

 

 

 

 

On 2 July 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Protect Your Data!” This English-language seminar follows a popular Dutch-language edition of the seminar. Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets. Continue Reading