Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in News & Events

Now Available: U.S. Consumer Financial Issues during COVID-19 and Beyond (Webinar Materials)

Mark Brennan

Allison Schoenthal

Tim Tobin

Mike Turrill

Allison Funk

Ashley Hutto-Schultz

Roshni Patel

















During this webinar, Hogan Lovells attorneys discussed the latest developments on consumer financial issues and how you can steer your organization in today’s rapidly changing COVID-19 environment and beyond. The webinar can be viewed on demand here, and the slides can be downloaded here. Continue Reading

Posted in International/EU Privacy

CNIL’s New Guidelines on HR Processing

The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations.

When the GDPR became effective, the CNIL’s previous set of HR Data guidelines became out of date as they did not incorporate the new law’s requirements (e.g. obligations relating to records of processing activities and Data Protection Impact Assessments). These new guidelines replace several older HR guidelines issued by the CNIL, including and in particular the well-known Simplified Norm NS-46 and the Notification Exemption for payroll, both of which are no longer applicable. Continue Reading

Posted in Consumer Privacy

Second Circuit Panel Sides With Ninth Circuit on What Qualifies as an Autodialer

A recent decision by the U.S. Court of Appeals for the Second Circuit in Duran v. La Boom Disco, Inc. has interrupted the emerging consensus around the definition of “autodialer” in the Telephone Consumer Protection Act (TCPA). On April 7, 2020, a Second Circuit panel joined a Ninth Circuit panel in adopting a broad reading of the statutory definition of “automatic telephone dialing system” (ATDS), commonly referred to as an autodialer. The Duran decision also rejected the reasoning in opinions issued by panels in the Seventh and Eleventh Circuits earlier this year, which deepens the split between the Courts of Appeals and increases the pressure on the Federal Communications Commission, Congress, and even the U.S. Supreme Court to provide clarity on what constitutes an autodialer under the TCPA. Continue Reading

Posted in Cybersecurity & Data Breaches

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. The guidance highlights the heightened cybersecurity risks from the current crisis and NYDFS’ expectations that its regulated entities address those risks as large portions of their workforce have shifted to remote working arrangements. Continue Reading

Posted in International/EU Privacy

Making COVID-19 Apps Data Protection Compliant

The role of COVID-19 contact tracing apps in the exit strategy of the current lockdown that is gripping much of the world is increasingly becoming a focus of attention. While that role is being hotly debated, it is very likely that those apps in combination with other measures will be deployed across many countries. Until now and despite the calls by influential bodies such as the European Data Protection Supervisor for a coordinated approach to the development of single COVID-19 mobile app involving the World Health Organization, different countries have adopted their own strategies. Continue Reading

Posted in International/EU Privacy

Dutch DPA Imposed a Controversial Fine on the Royal Dutch Tennis Association

The Dutch Data Protection Authority (Dutch DPA) recently imposed a fine of EUR 525,000 on the Royal Dutch Tennis Association (KNLTB) for sharing the personal data of its members with two of its sponsors in June 2018 on the basis of its own commercial interests. Continue Reading

Posted in News & Events

Webinar Invitation — Prepare for Global Data Class Actions

Matthew Felwick

Christine Gateau

Omar Guerrero Rodríguez

Natalia Gulyaeva

Michelle A. Kisloff

Matthias M. Schweiger












In the wake of the COVID-19 epidemic, there is an unfortunate increase in the cyber-security risks businesses may face. Our global team will help you best prepare for the uncertain times ahead of us.

Following the launch of our Data Class Actions Guide, we will be hosting a series of three webinars to dive into key updates in this fast-changing area of litigation. Join us as we kick off the webinar series with a general overview of data class actions in the United States, Europe, Mexico, and Russia.

Keep your eyes peeled for more information on our webinar series.

Tuesday, April 28, 2020

10:00 a.m. – 11:00 p.m. EDT
3:00 p.m. – 4:00 p.m. BST
4:00 p.m. – 5:00 p.m. CEST

To register, please click here.

Posted in Consumer Privacy

COVID-19 and IT Service Provider Contracts: A Checklist for Force Majeure Events

The COVID-19, and the various restrictions that have been implemented in response to it, are causing extraordinary business disruptions. Many organizations have had to modify their operational controls and accommodate a shift to remote working (among other adjustments). One key impact of COVID-19 involves an organization’s relationships with its IT service providers, which often play important roles in securing their data and systems. Under current conditions, some service providers may face challenges in performing this work, especially for engagements that require significant personnel resources or that require personnel to be on-site. Potential non-performance has significant consequences for service providers and their clients alike. Continue Reading

Posted in International/EU Privacy

Brazilian Senate Adopts COVID-19 Emergency Bill That Would Delay LGPD Implementation

In light of the pandemic crisis caused by the COVID-19, Brazilian Officials have sought to enact emergency measures to minimize its impact on regular business practices. One of the latest efforts is Bill 1,179/2020.

On April 3, 2020 Brazil’s Federal Senate approved Bill 1,179/2020, to establish that:

  • Corporate acts such as Board meetings and shareholders meetings can be held remotely.
  • The effects of the pandemic are equivalent to the fortuitous event of force majeure, but they do not abrogate obligations due before the recognition of the pandemic.
  • Implementation of Law 13,709/2018 (“Brazilian General Data Protection Law” or “LGPD”) is postponed so as not to burden companies in the face of the enormous technical economic difficulties arising from the pandemic.

Continue Reading

Posted in International/EU Privacy

Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2020

Businesses in the APAC region are facing unprecedented challenges in 2020.

Data protection and cyber security regulation are engaged in a number of important ways by the region’s moves to combat the threat of COVID-19, but more broadly, these areas of regulation are shaping the future going forward from the crisis. Whatever change may come as the legacy of the outbreak, data protection and cyber security regulation will be important considerations for business and will continue to evolve and adapt to new challenges. Continue Reading