Global Privacy & Security Compliance Law Blog

Commentary on Global Privacy and Security Issues of Today

GDPR and PSD2 are two legal initialisms that have both generated a great deal of press coverage in recent months, but they are seldom considered together. By Christian F. McDermott, Calum Docherty and Brett Carr There were around 122 billion non-cash payments in the European Union (EU) in 2016, with card payments accounting for 49% of all transactions, and the trend is continuing: UK Finance recently reported that UK debit card payments overtook the…
Brazilian Congress passes a data protection bill that seeks to improve privacy and cybersecurity. By Amadeu Ribeiro and Thiago Luís Sombra (Mattos Filho, Veiga Filho Marrey Jr e Quiroga Advogados) and Jennifer Archie and Terese Saplys The Brazilian Congress has been working on a bill relating to the protection of personal data for over eight years. The Senate approved the bill, known as the General Data Protection Act (GDPA), on 10 July 2018,…
FCA Chair hints that new regulation addressing data ethics in the FinTech space may be on the horizon. By Nicola Higgs, Fiona Maclean and Terese Saplys Will societies of the future be ruled by algocracy, in which algorithms decide how humans are governed? Charles Randell, Chair of the Financial Conduct Authority (FCA) and Payment Systems Regulator, addressed how to avoid this hypothetical scenario in a broad-ranging speech that he delivered on 11 July 2018 in…
Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law. By Jennifer Archie, Michael Rubin, and Scott Jones Key Points: A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018. The Act imposes substantial new obligations on businesses that collect, process, and disclose the data of California residents.…
California ballot initiative, Consumer Right to Privacy Act of 2018, gathers momentum for a November vote, spurring some telecom and internet businesses to organize opposition. By Michael H. Rubin, Roxana Mondragón-Motta, and Scott C. Jones Businesses are preparing to oppose a California ballot measure that could impose new data privacy and security obligations, with the threat of significant civil liability for non-compliance. Signatures are being gathered to put the Consumer Right to Privacy…
The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. As an EU Regulation, it will be directly effective in each EU member state, but all member states are expected to pass national implementing legislation. Latham’s GDPR Implementation Tracker is an interactive, web-based tool to help companies doing business in Europe stay abreast of the latest developments. The Implementation Tracker is now available at gdpr.lw.com. Updates will be provided regularly,…
The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations. By Gail Crawford, Mark Sun, Fiona Maclean, and Malika Sajdik The National Cyber Security Centre (NCSC) has published introductory guidance for operators of essential services (OES) on the new cybersecurity rules under the EU’s Security of Network and Information Systems Directive (NIS Directive). The NIS Directive is the first EU-wide legislation on cybersecurity and…
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation. By Gail Crawford, Mark Sun, Fiona Maclean, and Malika Sajdik The UK government moved closer to implementing the Security of Network and Information Systems Directive (NIS Directive) with the release of its consultation response. The NIS Directive is the first EU-wide legislation on cybersecurity that aims to enhance network and information system security across vital business sectors…
By Gail Crawford and Mark Sun With the assistance of colleagues across the EU, Latham & Watkins has updated its GDPR National Implementation Tracker. With just over three months to go until the GDPR go-live date on 25 May 2018, two EU member states (Belgium, Slovakia) have joined Austria and Germany in successfully implementing the GDPR in their national laws. Since our last update in October 2017: Six additional member states have published draft…
By Jennifer Archie, Serrin Turner, Kyle Jefcoat, Dean Baxtrasser and Morgan Maddoux As of December 31, 2017, many United States government contractors face a new compliance requirement involving cybersecurity. This requirement will govern most new Department of Defense (DoD) contracts and, significantly, will apply to many current DoD contracts that include the applicable standard contract clause. On October 21, 2016, DoD issued a final rule, Defense Federal Acquisition Regulation Supplement (DFARS) clause…