On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) adopted new rules specifying enhanced disclosure regarding cybersecurity risk management, strategy governance, and incident disclosure. The SEC first proposed new cybersecurity rules back in March 2022. The agency’s comments
Technology Law Dispatch
Latest from Technology Law Dispatch - Page 3
ECJ Allows National Competition Authorities to Consider Non-Competition Law Violations in Dominance Abuse Cases
Please click here to access the source post from our Global Regulatory Enforcement Law Blog.
In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company…
Three lessons from ICO’s quarterly enforcement report
The Information Commissioner’s Office (ICO) has published a report on reprimands issued in the second quarter of the year, from April to June 2023. The recent reprimands by ICO shed light on areas of data protection where organizations across the…
Navigating the Path to Compliance: Takeaways from the New Draft Security Regulations for Connected Devices
The UK Department for Culture, Media and Sport published draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Draft Security Regulations). These regulations fall under the Product Security and Telecommunications Infrastructure Act 2022 (PSTIA) which…
Third Time’s a Charm: European Commission adopts EU-U.S. Data Privacy Framework
Background
The European Commission (EC) issued the long-awaited adequacy decision for the new EU-U.S. Data Privacy Framework (Framework) on July 10, 2023. The Court of Justice of the European Union (CJEU) had previously invalidated both the U.S.-EU Safe Harbor in…
Convention 108+: The Council of Europe Releases Model Contractual Clauses for Global Data Transfers
On June 27, 2023, the Council of Europe (“CoE”) announced the adoption of its first module of the Model Contractual Clauses (“MCCs”) for cross-border data transfers based on the Protocol amending the Convention for the Protection of Individuals with Regard…
ENISA Releases Comprehensive Framework for Ensuring Cybersecurity in the Lifecycle of AI Systems
On 7 June 2023, the European Union Agency for Cybersecurity (ENISA) released a report Multilayer Framework for Good Cybersecurity Practices for AI (“Framework”) in response to the evolving landscape of artificial intelligence (AI) and the associated cybersecurity challenges. The publication…
Guidance on Privacy-Enhancing Technologies for Data Protection Compliance: Key Considerations for Organizations
On 19 June 2023, the Information Commissioner’s Office (ICO) has released new Guidance on Privacy-Enhancing Technologies (PETs) for Data Protection Compliance. This guidance is designed to assist data protection officers (DPOs) and individuals responsible for managing large-scale personal data…
UK-US data bridge: Advancing Data Flows and Privacy
On 8 June 2023, the UK Secretary of State for Science, Innovation, and Technology, and US Commerce Secretary jointly announced the intention to establish a UK-US data bridge.The proposed data bridge between the UK and the US would build upon…
From Smartphones to Alarm Systems: UK Mandates Minimum Security for Connected Devices
The UK’s new Product Security and Telecommunications Infrastructure Act 2022 will take effect on 29 April 2024, and will require manufacturers to implement minimum-security standards on all consumer products with internet or network connectivity, such as smartphones, smart meters, CCTV…