Latest Articles

On April 15, 2019, the UK Information Commissioner’s Office (the “ICO”) issued for public consultation a draft code of practice, “Age Appropriate Design,” that will regulate the provision of online services likely to be accessed by children in the UK. Given the extraterritorial reach of the UK Data Protection Act 2018, organizations based outside of the UK may be subject to the code, which is expected to take effect by the end of 2019.…
On April 24, 2019, the Federal Trade Commission announced two data security cases involving online operators—one, an online rewards website, and the second, a dress-up games website—that were alleged to have failed to take reasonable steps to secure consumers’ data, which allowed hackers to breach both websites.…
On April 22, 2019, Washington state legislators voted to send HB 1071 (the “Bill”) to Governor Jay Inslee for consideration. The Bill was requested by Attorney General Ferguson and would strengthen Washington’s data breach law. The request to amend the current law followed Attorney General Ferguson’s third annual Data Breach Report, which found that data breaches affected nearly 3.4 million Washingtonians between July 2017 and July 2018.…
On April 17, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”) issued six recommendations (in Dutch) for companies, to be taken into account when drafting privacy policies for the purpose of Article 24.2 of the EU General Data Protection Regulation (the “GDPR”). Article 24.2 of the GDPR provides the obligation for data controllers to implement privacy policies for accountability purposes, under certain criteria. The published recommendations follow the Dutch DPA’s investigation…
Earlier this month, the U.S. Department of Justice (“DOJ”) published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act” (“White Paper”). The Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) was enacted in March 2018 by the U.S. government to aid foreign and U.S. investigators in obtaining access to electronic information related to serious crimes and held by…
The much-discussed Washington Privacy Act, Senate Bill 5376 (“SB 5376”), appears to have died after failing to receive a House vote by an April 17, 2019 deadline for action on non-budget policy bills. Though the bill could be revived before the regular session ends on April 28, 2019, Washington lawmakers expressed doubt.…
Hunton Andrews Kurth LLP is pleased to announce the launch of a dedicated site focused on the California Consumer Privacy Act of 2018 (“CCPA”), which serves as a resource for businesses to understand and prepare to comply with the CCPA. Transformative in nature, the CCPA will impact most businesses that process the personal information of California residents, and is likely to set the stage for a wider shift in standards on data privacy across the…