A computer programmer or hacker prints a code on a laptop keyboard to break into a secret organization system.
It has been some months since we wrote about the ePrivacy Regulation and some years since the first draft was proposed. Since then, we have seen numerous delays in achieving an agreed form of legislation, caused in part by strong views on how privacy and confidentiality shape the development of electronic communications services and passionate industry lobbying by both the AdTech industry and privacy organisations.
On 10 February 2021, the Council of the EU’s Permanent…
Traffic,vehicles, wireless communication network, internet of things, abstract image visual.
On February 5, 2021, the Federal Energy Regulatory Commission (“FERC”) published proposed regulations in the Federal Register that would provide federal financial incentives to utilities that voluntarily increase certain cybersecurity measures above those required by the Critical Infrastructure Protection Reliability Standards (“CIP Reliability Standards”) or by the NIST, Framework for Improving Critical Infrastructure Cybersecurity (“NIST Framework”). (86 Fed. Reg. 8309-8325 (Feb. 5, 2021).)
To obtain the incentive, these voluntary measures must “materially enhance the cybersecurity…
Cybersecurity
On 29 January 2021, the Personal Data Protection Commission (PDPC) announced that certain sections of the Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will take effect from 1 February 2021 – please see PDPC’s announcement; the gazetted Commencement Notification. This legal update provides a high-level summary of the PDPA Amendments that have taken effect.
The changes introduced by the PDPA Amendments to the Personal Data Protection Act 2012 (the PDPA) are…
Closed circuit television on wall
A German state data protection authority has issued a fine of EUR 10.4m against a mid-size online retailer who allegedly violated the EU General Data Protection Regulation (GDPR) by monitoring their employees using CCTV.
The State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit) of Lower Saxony (the State Commissioner) imposed the fine on the electronics retailer “notebooksbilliger.de AG” (the Retailer) at the end of 2020.
The Retailer used CCTV…
The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to be aware of significant changes to the way in which cross-border personal data breaches with a UK angle will need to be notified to data protection authorities (DPAs)…
A night neon street at the downtown long shot. Taito district Akihabara Tokyo / Japan - 01.14.2020 Japan Tokyo City
On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” The proposed rule would also affect companies that provide certain services to those banks, including data processing. Those service providers…
EU flags in front of European Commission building in Brussels
On Christmas Eve, the EU and UK announced that a Trade and Cooperation Agreement (TCA) had been finalised. With it, came a sigh of relief from data protection practitioners everywhere. This is because the TCA provides an extension period, of a sort, to allow the European Commission time to conclude its adequacy assessment of the UK. Without this, EEA-UK data transfers would otherwise have been restricted at the end of the Brexit transition period.
The…
On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data.
This is part three of a series of three blog posts. In this blog post, we consider the DGR’s relationship to competition law rules.
The DGR’s relationship to competition law rules
The DGR specifies that:
It does not affect the application of…
On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data.
This is part two of a series of three blog posts. In this blog post, we outline the new regimes for data sharing service providers and data altruism under the DGR, and consider the potential impact on businesses.
New regime for data…
On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data.
This is part one of a series of three blog posts. In this first blog post, we outline key aspects of the DGR, set it in the context of other reforms proposed by the EC, consider public-sector data sharing under the DGR,…