Global Crisis Management Series:  This post is part 14 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here. Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation.  By keeping…

The final version of the California Consumer Privacy Act of 2018 is coming into view. On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session.  (We previously discussed the CCPA here and the amendments here.)  While the Regulations are currently subject to public comment and may be further modified…

On October 11, 2019, the leaders of the Commodity Futures Trading Commission, Financial Crimes Enforcement Network, and Securities and Exchange Commission issued a joint statement to remind businesses that engage in digital asset activities of their anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations under the Bank Secrecy Act (“BSA”). As market participants increasingly become involved with digital assets and related activities or services, the agencies clarified that their regulatory treatment is…

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The…

On September 24, 2019[1], the Court of Justice of the European Union (the “CJEU”) handed down its much anticipated follow-on judgment[2] in connection with an individual’s right to have links removed from search results displayed following a search of that individual’s name on Google’s search engine. Building on its recognition of a “right to de-referencing” in its landmark 2014 Google Spain judgment[3] (establishing the so-called “right to be forgotten” or “RTBF”),…

On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets.  In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the…