The California Privacy Protection Agency (“the Agency”) announced October 17, 2022, proposed modifications to the draft regulations for the California Privacy Rights Act (CPRA) that were published on July 8, 2022. The draft regulations expanded on the text of the CPRA setting out a number of additional requirements regarding obtaining consumer consent, supporting the exercise
Government Agency Update / Notice
Brazilian Data Protection Authority’s Most Relevant Publications To Date
The Brazilian Data Protection Authority (ANPD) has issued important guidance covering a variety of privacy aspects including security measures, determining controller and processor capacities, and how the ANPD administrative process will be applied to investigating companies and imposing penalties.
Big Changes to ANPD with Provisional Measure No. 1,124
On Monday, Provisional Measure No. 1,124 was published, amending Law No. 13,709 of 2018—the Brazilian General Personal Data Protection Law (LGPD)—which brings significant changes to the configuration of the Brazilian National Data Protection Authority (ANPD).
BIS Revises Export Controls on Cybersecurity Items Used for Malicious Cyber Activity
On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule…
US FTC to “Crack Down” on EdTech’s Use of Children’s Data
On May 19, 2022, the Federal Trade Commission (FTC) unanimously approved a policy statement on education technology (EdTech) and the Children’s Online Privacy Protection Act (COPPA). Characterized as part of a larger effort to “crack down on companies that illegally surveil children learning online,” the policy statement itself merely highlights pre-existing obligations under…
Guidance for Definitions of Personal Data Processing Agents and Data Protection Officers
Published by the Brazilian Data Protection Authority (ANPD) on April 26, 2022, the new version of the guidance brought subtle, yet important, changes and clarifications.
US Senate Confirms 5th FTC Commissioner – Now What?
On May 11, 2022, the Senate confirmed President Biden’s appointment of Alvaro Bedoya to fill the vacant Democratic seat on the Federal Trade Commission (FTC). Commissioner Bedoya’s confirmation gives the Democratic commissioners a voting majority on the Commission, and we expect the FTC will pursue actions previewed by Chair Lina Khan. In this Legal Update,…
US SEC Cyber Risk Management Proposed Rules: Analysis for Investment Advisers, Investment Companies, BDCs and Broader Implications for Private Sector
On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of…
Pushing the Envelope? The CAC’s Draft Regulations on Push Notifications
On 2 March 2022, the Cyberspace Administration of China (“CAC”) issued draft regulations on the administration of internet pop-up push notifications (the “Draft Regulations”). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law.
The Draft Regulations bid to further tighten government control over the news followed a…
SEC Proposes New Rules on Public Company Cybersecurity Disclosures
On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,…