Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies.
Please join us for our November 2017 Privacy and Cybersecurity Events.
Join us tomorrow, October 25 for the next installment of our 2017 Internet of Things (IoT) webinar series and get practical guidance on privacy compliance challenges presented by the IoT. Continue Reading
Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas. Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world. And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the U.S. government afford their citizens’ data. The case was previously decided twice in Microsoft’s favor in the Second Circuit, which declined to grant en banc review by a 4-4 decision.
The complexity of the EU General Data Protection Regulation (“GDPR”) is often alleviated by the guidance of regulatory authorities who contribute their practical interpretation of the black letter of the law and provide welcome certainty. However, the latest draft guidelines issued by the Article 29 Working Party (“WP”) on automated decision-making has thrown up a particular curve ball which bears further investigation. It relates to whether Article 22(1) of the GDPR should be read as a right available to data subjects or as a straightforward prohibition for controllers.
Growing evidence suggests that existing Telephone Consumer Protection Act (“TCPA”) compliance challenges, and the current TCPA litigation landscape, are increasingly a threat to many U.S. companies – particularly small businesses that have fewer resources and could face financial ruin if targeted by a class action lawsuit. To help address this issue and support the U.S. economy, Congress and the Federal Communications Commission (“FCC”) should revise the current TCPA framework and facilitate reasonable, practical compliance approaches for companies attempting in good faith to communicate with customers.
On 6 October, the German Federal Cartel Office (“FCO”) launched its new series of papers on “Competition and Consumer Protection in the Digital Economy.” The first paper deals with “Big Data and Competition.” The same day, a “real-life example” of competition enforcement in Big Data became public. The EU Commission confirmed unannounced inspections in “a few Member States” concerning online access to bank customer’s account data by competing service providers.
Whether malicious or inadvertent, workforce actions cause or contribute to over half of cyber attacks experienced by organizations. Protecting against such “insider” cyber risks can be challenging, especially given the global web of privacy, communications secrecy, and employment laws that may be implicated by monitoring workforce use of IT resources.
Harriet Pearson and James Denvil, lawyers in the Hogan Lovells Privacy and Cybersecurity practice, have led the authorship of a white paper to help companies understand and navigate the workforce cyber risk landscape. An international team of privacy and cybersecurity lawyers from Hogan Lovells and select local counsel firms contributed to the analysis.
Last week, the U.S. District Court for the Northern District of California dismissed three of six claims the Federal Trade Commission (FTC) asserted against D-Link Systems (D-Link) related to its sale of routers and IP cameras and related software and services. The decision has implications for the pleading standards courts use to evaluate such claims at the motion to dismiss stage and for the FTC’s assertion of unfairness claims based on alleged likelihood of substantial consumer harm.
On September 13, the U.K. government introduced in Parliament the Data Protection Bill. The main aim of the bill is to implement the General Data Protection Regulation (EU) 2016/679 into U.K. domestic law. However, as perhaps reflected in the length and complexity of the bill, it is also intended to do several other things, including: