This regular update (no. 24 | 13 October 2020) covers key regulatory EU developments related to the evolving COVID-19 situation (Antitrust & State Aid; Trade/Export Controls; Medicines, Medical Devices and Personal Protective...more
10/22/2020
/ Competition ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Medical Devices ,
Member State ,
Personal Protective Equipment ,
Popular ,
State Aid
This regular alert covers key regulatory EU developments related to the COVID-19 situation. It does not purport to provide an exhaustive overview of developments and contains no analysis or opinion.
LATEST KEY DEVELOPMENTS...more
10/20/2020
/ Competition ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Medical Devices ,
Member State ,
Personal Protective Equipment ,
State Aid ,
State of Emergency
This regular update (no. 23 | 29 September 2020) covers key regulatory EU developments related to the evolving COVID-19 situation (Antitrust & State Aid; Trade/Export Controls; Medicines, Medical Devices and Personal...more
10/2/2020
/ Competition ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Medical Devices ,
Member State ,
Personal Protective Equipment ,
State Aid ,
State of Emergency
This regular update (no. 22 | 22 September 2020) covers key regulatory EU developments related to the evolving COVID-19 situation (Antitrust & State Aid; Trade/Export Controls; Medicines, Medical Devices and Personal...more
10/1/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Medical Devices ,
Medical Supplies ,
Member State ,
Personal Protective Equipment ,
Public Health ,
State Aid ,
Supply Chain
This regular alert covers key regulatory EU developments related to the COVID-19 situation. It does not purport to provide an exhaustive overview of developments and contains no analysis or opinion.
...more
9/1/2020
/ Competition ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Member State ,
Relief Measures ,
State Aid ,
State of Emergency
The Situation: The Court of Justice of the European Union ("CJEU") has ruled that international data flows under the European Union's comprehensive data protection regime, the GDPR, can continue to be based on EU Standard...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
This week, the European Commission published white papers detailing its strategies regarding the use of data and artificial intelligence ("AI"). Several additional reports accompany the white papers and cover topics such as...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
1/29/2020
/ CNIL ,
Consent ,
Cookies ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Public Consultations
The Situation: The United Kingdom is due to leave the European Union ("EU") on 31 October 2019. Negotiations between member states of the EU excluding the United Kingdom ("EU27") and the United Kingdom are ongoing, but it is...more
10/1/2019
/ Corporate Counsel ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
Standard Contractual Clauses ,
UK Brexit
The Situation: The UK Parliament has not approved the draft Brexit Withdrawal Agreement and Political Declaration on the future relationship of the European Union and United Kingdom. The next steps in the Brexit process are...more
The Situation: An investigation launched in 2016 by the German competition authority was meant to determine if Facebook was abusing its market position with its imposition of "misleading" data protection policies.
The...more
3/6/2019
/ Abuse of Dominance ,
Antitrust Investigations ,
Antitrust Violations ,
Competition Authorities ,
Data Collection ,
Data Protection ,
Facebook ,
Federal Cartel Office (the FCO) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Instagram ,
Monopolization ,
Prior Express Consent ,
WhatsApp ,
Without Consent
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The Situation: The General Data Protection Regulation has a broad territorial scope and can apply to businesses based outside the European Union.
The Result: The European Data Protection Board has provided important...more
The Situation: The European Union's General Data Protection Regulation ("GDPR") has raised questions regarding the scope of coverage and protection afforded by current cyber policies, especially with respect to potential GDPR...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: The Legislative Decree 101/2018 ("Harmonization Decree") harmonizes the Italian data protection laws with the General Data Protection Regulation (EU) 679/2016 ("GDPR") provisions. It was enacted and became...more
The Situation: On September 5, 2018, Belgium published two laws that implement the Belgian requirements under Regulation 21016/679, the General Data Protection Regulation ("GDPR").
The Details: The two laws include the Law...more
Whistleblowers who expose breaches of European Union law will be afforded greater protection from retaliation by companies and public authorities under a draft law proposed by the European Commission in April 2018. The draft...more
4/27/2018
/ Anti-Corruption ,
Corporate Governance ,
Data Protection ,
Employer Liability Issues ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Sarbanes-Oxley ,
Trade Secrets ,
Whistleblower Protection Policies ,
Whistleblowers ,
White Collar Crimes
The Situation: To strengthen cross-border cooperation in investigations, the European Commission has proposed legislation allowing EU Member State authorities to access, directly from services providers, electronic evidence...more
4/26/2018
/ CLOUD Act ,
Criminal Investigations ,
Data Protection ,
Discovery ,
e-Discovery Professionals ,
Electronically Stored Information ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Litigation ,
Proposed Regulation ,
Third Country Entities (TCEs)
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
United States and China Renew Promise Not to Hack -
On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
11/21/2017
/ Acquisitions ,
Argentina ,
Article 29 Working Party (WP29) ,
Australia ,
Belgium ,
Biometric Information Privacy Act ,
Blockchain ,
Canada ,
CCTV ,
Chile ,
China ,
CNIL ,
Connected Cars ,
COPPA ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Driverless Cars ,
EDPS ,
ENISA ,
Equifax ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Initial Coin Offering (ICOs) ,
International Data Transfers ,
Italy ,
Mexico ,
Mobile Apps ,
National Security ,
Netherlands ,
NIST ,
Online Advertisements ,
People's Bank of China ,
Personally Identifiable Information ,
Popular ,
Public Safety ,
Retail Investors ,
Search Engines ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Spain ,
Stored Communications Act ,
TCPA ,
UK ,
Websites
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Comments on Improvements to IoT Device Security - On June 19, the Federal Trade Commission ("FTC") submitted comments to a working group organized by the...more
9/15/2017
/ Broker-Dealer ,
Computer Fraud and Abuse Act (CFAA) ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Internet of Things ,
Malware ,
Medical Records ,
NIST ,
RegTech ,
Retailers ,
Securities and Exchange Commission (SEC)
New York Attorney General Announces Record Number of Data Breach Notices in 2016 -
On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
6/5/2017
/ Advertising ,
Argentina ,
Australia ,
Chile ,
CNIL ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
De-Identification ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
DNA ,
DPA ,
e-Privacy Directive ,
EDPS ,
Encryption ,
Enforcement Actions ,
ENISA ,
EU ,
FACTA ,
FCC ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Commissioner's Office (ICO) ,
Information Sharing ,
Israel ,
Italy ,
Japan ,
Medical Records ,
Metadata ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
Online Safety for Children ,
Patient Privacy Rights ,
Payroll Records ,
Personal Data ,
Personal Data Privacy Comission (PDPC) ,
Personally Identifiable Information ,
Popular ,
Privacy Policy ,
Repeal ,
Robocalling ,
Securities and Exchange Commission (SEC) ,
Singapore ,
Social Media ,
Spain ,
SWIFT ,
Telecommunications ,
Transparency ,
UK ,
Unmanned Aircraft Systems ,
USTR ,
XBRL Filing Requirements
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
3/15/2017
/ Actual Injuries ,
Advertising ,
Argentina ,
Australia ,
Banks ,
Belgium ,
Big Data ,
Canada ,
China ,
Class Action ,
Colombia ,
Connected Items ,
Consumer Protection Act ,
Controlled Unclassified Information (CUI) ,
Credit Cards ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Databases ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Email Policies ,
ENISA ,
EU ,
EU Data Protection Laws ,
Fair Credit Reporting Act (FCRA) ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
FinTech ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Germany ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Sharing ,
International Data Transfers ,
Investigatory Powers Act 2016 ,
Italy ,
Japan ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
NYDFS ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Settlement Agreements ,
Singapore ,
Spain ,
Spokeo ,
Standing ,
State Data Breach Notification Statutes ,
Swiss Privacy Shield ,
Switzerland ,
TCPA ,
Telemarketing ,
UK ,
V2V ,
Web Tracking