On June 11, 2018, the Financial Services Information Sharing and Analysis Center (“FS-ISAC”) announced the launch of the CERES Forum, an information sharing initiative for central banks, regulators, and supervisors designed to strengthen responses to cyber and physical threats. The new forum will become operational on July 1, 2018. Although FS-ISAC primarily comprises private financial … Continue Reading
Earlier this week, the National Telecommunications and Information Administration (NTIA), the executive branch agency responsible for telecommunications and information policy, released a Notice of Inquiry requesting that any interested party—including the private sector, technical experts, academics, and civil society—help the agency determine its international internet policy priorities. In particular, NTIA is seeking comments and recommendations … Continue Reading
This past week, Mary Meeker presented her annual Internet Trends report for 2018 at the Code Conference. A copy of the slide deck is available here. The report is widely respected by industry experts, and this year’s presentation included a number of insights that industry stakeholders will find relevant regarding data privacy and technology more … Continue Reading
Two federal appellate courts are taking sharply different views on whether—and why—government agents must have some amount of suspicion to conduct forensic searches of electronic devices seized at the border. The Fourth Circuit on May 9, 2018, held that government agents must have reasonable suspicion to conduct forensic searches of cell phones seized at the … Continue Reading
The much discussed and long-awaited General Data Protection Regulation (“GDPR”) applies from today, May 25, 2018. It will update and harmonize data protection laws across the EU, and sets out comprehensive rules in relation to personal data handling, as well as the rights of individuals over their personal data. It is unclear how aggressively the … Continue Reading
Having received Royal Assent on May 23, 2018, the UK Data Protection Bill is now an Act of Parliament. The Data Protection Act 2018 (the “Act”) implements the General Data Protection Regulation (“GDPR”) and replaces the UK Data Protection Act 1998. Notable provisions that make use of the ability of Member States to implement different … Continue Reading
Reflecting evidence from 280 witnesses from the government, academia and industry, and nine months of investigation, the UK House of Lords Select Committee on Artificial Intelligence published its report “AI in the UK: ready, willing and able?” on April 16, 2018 (the Report). The Report considers the future of AI in the UK, from perceived … Continue Reading
Last summer, Marcus Hutchins, the security researcher who stopped the “WannaCry” malware attack, was arrested and charged for his role in allegedly creating and conspiring to sell a different piece of malware, known as Kronos. As we have previously discussed on this blog, however, the indictment was notable for its lack of allegations connecting Hutchins … Continue Reading
IAB Europe opened the registration process for vendors and consent management providers (“CMPs”) to apply for approved status under IAB Europe’s Transparency and Consent Framework (“Framework”). The Framework intends to provide publishers that have decided that the interest-based advertising products available on their platforms require user consent to deploy a standardized framework to (1) disclose … Continue Reading
Last August, the Department of Justice arrested and indicted Marcus Hutchins, the security researcher who accidentally discovered the “kill switch” that stopped the “WannaCry” malware attack. Hutchins was not charged for anything to do with WannaCry, but rather for creating and conspiring to sell a different piece of malware, the “Kronos Banking trojan.” Apart from … Continue Reading
Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry’s top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information privacy community. Each year, the IAPP names … Continue Reading
On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide. The CLOUD Act, enacted as part of the Consolidated Appropriations Act, has two components. Part I: Extraterritorial Reach of … Continue Reading
Artificial intelligence promises to be a paradigm shift for many applications from manufacturing to finance, and from defense to education. Given the vast potential, focus on AI has sharpened around the world, including in China. Decision makers in Beijing and around the country are paying attention and have begun shaping a legal and policy regime … Continue Reading
By Bruce Bennett, Carlo Kostka, Charlotte Hill, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly … Continue Reading
By Dan Cooper, Joseph Jones, and Ruth Scoles Mitchell On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — … Continue Reading
On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”). The Standard will come into effect on May 1, 2018. As highlighted in our previous … Continue Reading
On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year. Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies. Such technologies, while not entirely new, are now becoming mainstream: sales of smart … Continue Reading
As we summarized last fall, the EU Commission published a new Cybersecurity Communication in September that, among other things, sets out proposals for an EU cybersecurity certification framework as part of an EU “Cybersecurity Act” (see our post here and a more detailed summary here). Just before the holidays, on December 20, 2017, the UK Government published a consultation on these proposals, which the … Continue Reading
As 2017 ends, all of us at InsidePrivacy are grateful for the attention and engagement of our readers. This has been an excellent year for our blog, and we’d like to share with you some information about InsidePrivacy and its readers. First, there are more of you than ever — in fact, an 11% year-over-year … Continue Reading
By Mark Young, Joseph Jones and Ruth Scoles Mitchell The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”). We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think … Continue Reading
By Joseph Jones and Ruth Scoles Mitchell On December 1, 2017, the High Court of England and Wales found the fourth-largest supermarket chain in the UK, Wm Morrisons (“Morrisons”), vicariously liable for a data breach caused by the intentional criminal actions of one of its employees, namely the leaking of payroll information online. The breach … Continue Reading
Yan Luo advises clients on a broad array of regulatory matters in connection with cybersecurity and data protection rules in China. With previous work experience in Washington, DC and Brussels before relocating to Beijing, Yan has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on … Continue Reading
Kristof Van Quathem, special counsel in Covington’s Brussels office, advises clients on data protection, data security, and cybercrime matters. He has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies, ranging from compliance advice on the adopted laws, regulations, and guidelines, to the … Continue Reading
In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be … Continue Reading
