Latest Articles

On February 20, 2019, the French data protection authority (the “CNIL”) published a set of questions and answers (“FAQs”) indicating the CNIL’s recommendations, and steps that organizations should take, to prepare for a no-deal Brexit. The CNIL’s FAQs build upon guidance the European Data Protection Board (“EDPB”) provided in its Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit.…
On February 12, 2019, the European Data Protection Board (the “EDPB”) released its work program for 2019 and 2020 (the “Work Program”). Following the EDPB’s endorsement of the Article 29 Working Party guidelines and continued guidance relating to new EU General Data Protection Regulation (“GDPR”) concepts, the EDPB plans to shift its focus to more specialized areas and technologies.…
At its plenary meeting on February 13, 2019, in Brussels, the European Data Protection Board (“EDPB”) adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.…
On February 12, 2019, the Federal Trade Commission announced the completion of the first regulatory review of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) Rule (the “CAN-SPAM Rule” or “Rule”). By a vote of 5-0, the FTC voted to retain the CAN-SPAM rule with no modifications.…
On February 27, 2019, the U.S. Senate Committee on Commerce, Science and Transportation will hold a hearing titled “Privacy Principles for a Federal Data Privacy Framework in the United States.” The hearing will focus on potential Congressional action to “address risks to consumers and implement data privacy protections for all Americans.” Committee Chairman Sen. Roger Wicker described the hearing as an opportunity to “help set the stage for meaningful bipartisan legislation.”…
As reported on the Privacy & Information Security Law Blog on February 8, 2019, the European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration. Continue Reading
The European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration. The watch is equipped with GPS, a microphone and speaker, and has a companion app that grants parents oversight of the child wearer. According to a February 1, 2019 alert posted on the EU’s recall and notification index…
As we previously reported, the California Consumer Privacy Act of 2018 (“CCPA”) delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first. The California Department of Justice anticipates publishing a Notice of Proposed Regulatory Action concerning the CCPA in Fall 2019.…
On January 23, 2019, the European Data Protection Board (“EDPB”) released an opinion on the interplay between the European Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”) (the “Opinion”). The Opinion was requested by the European Commission Directorate-General for Health and Food Safety (“DG SANTE”).…
On January 30, 2019, the UK Information Commissioner’s Office (“ICO”) released a discussion paper on the upcoming beta phase of its regulatory sandbox initiative (the “Discussion Paper”). The ICO had launched a call for views on creating a regulatory sandbox in September 2018, and the feedback received facilitated developing systems and processes necessary to launch the beta phase.…