Last week, the FCC issued a forfeiture order against Dialing Services, LLC (“Dialing Services”) $2,880,000, finding that Dialing Services made automated calls to wireless phones without prior express consent, in violation of the Telephone Consumer Protection Act (“TCPA”). Dialing Services is a platform that offers automated calling services to its customers, and this Order is … Continue Reading
By Dan Cooper and Rosie Klement On July 26, 2017, the Court of Justice of the EU (CJEU) published Opinion 1-15 (the “Opinion”) on the proposed agreement between the European Union and Canada on the transfer and processing of passenger name record (“PNR”) data (the “Agreement”). The Agreement was signed in 2014, but the CJEU … Continue Reading
On July 21, New Jersey Governor Chris Christie signed into law the Personal Information Privacy Protection Act (PIPPA) (S. 1913), which limits the circumstances under which “retail establishments” (retailers) can collect and use information obtained by scanning the state-issued identification cards of customers. The new law limits the ability of retailers to scan the barcode … Continue Reading
By Lisa Peets and Rosie Klement On July 14, 2017, the Impact Assessment Institute (“IAI”) (an independent institute committed to impartial impact assessment and scientific evaluation of policy and legislation in the EU) published a study assessing the impact assessment carried out by the European Commission in connection with the Commission’s proposal for a new … Continue Reading
The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.” Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples … Continue Reading
On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation on the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017. Aiming to add greater clarification to the Cybersecurity Law, which took effect on June 1, … Continue Reading
As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500). Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading
Twenty years ago, the Supreme Court was faced with the question of whether a federal statute that imposed a content-based restriction on online speech violated the First Amendment. That case, Reno v. American Civil Liberties Union, marked the first instance in which the Supreme Court weighed in on the role of the Internet in the … Continue Reading
The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to … Continue Reading
By Dan Cooper and Rosie Klement The EU’s Article 29 Working Party (“WP29”) has issued new guidance on data processing in the employment context. Adopted on June 8, 2017, the guidance primarily takes account of the existing data protection framework under the EU Data Protection Directive (Directive 95/46/EC), but also considers the developments coming into force … Continue Reading
