On 8 July 2019, the UK data protection authority (Information Commissioner’s Office; ICO) issued a notice of its intention to fine British Airways (BA) GBP 183.39 million (approx. USD 229.46 million) for infringements of the General Data Protection Regulation (GDPR).
The proposed fine relates to a data breach in which personal data of approximately 500,000 customers were compromised. The incident (reported to the ICO in September 2018) involved user traffic to the BA website being diverted to a fraudulent site where customer details were harvested by attackers. Following an “extensive investigation,” the ICO found that customer data was compromised by “poor security arrangements at the company.” Continue Reading
The French Data Protection Authority (the CNIL) has made targeted online advertising a priority topic in its 2019-2020 agenda and has changed its position on cookie consent. Although the ePrivacy Regulation is still being debated by EU legislators and is far from being finalised, the CNIL has withdrawn its 2013 cookie recommendation and announced that it will publish new guidelines (announcements are available in English on the CNIL’s website here and here). These explicitly rule out the use of implied or “soft” consent to place cookies on users’ devices. Continue Reading
Please join us for our July 2019 events.
On June 20, 2019, the Supreme Court released its long-awaited decision in PDR v. Carlton & Harris Chiropractic. The Court was expected to provide greater clarity about the extent to which litigants can challenge the Federal Communications Commission’s (FCC) Telephone Consumer Protection Act (TCPA) interpretations in private litigation. Instead of deciding that issue, however, the Court vacated the Fourth Circuit’s ruling and remanded the case for further development. How the Fourth Circuit rules on remand may ultimately provide more insight on how much deference is owed to the FCC’s TCPA interpretations. Continue Reading
We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S. This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy.
The dynamism of the Technology, Media and Telecoms sector is set to continue.
Challengers can reach scale seemingly overnight, forcing market change at a similar speed. Established business models are upended, driving consolidation and restructuring. Regulators rush to respond, radically reshaping the environment.
These trends show no sign of slowing down. Continue Reading
Allison Holt Ryan
Please join the Hogan Lovells Privacy and Cybersecurity and Litigation teams on July 16th for our webinar, Cyberthreats in the Internet of Things. We will explore some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective. Continue Reading
On June 13, 2019, a new draft bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws—multiplying the maximum penalty under current law by a magnitude of 240—was submitted to the State Duma (the lower chamber of Russian Parliament). This would supplement existing fines, which we reported were previously increased in 2017. Continue Reading
Ruud van der Velden
On 2 July 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Protect Your Data!” This English-language seminar follows a popular Dutch-language edition of the seminar. Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets. Continue Reading