With an effective date of February 17, 2024, the Digital Services Act (“DSA”) will start applying to most online platform providers in less than a year. The DSA, which introduces due diligence and transparency obligations regarding algorithmic decision-making by online platforms, such as social media, video sharing or e-commerce, entered into force on November 16,
Privacy / Data Protection
UK Government Proposes Key Changes to the UK GDPR
The UK Government has relaunched its efforts to reform the UK’s data protection regime, with the Data Protection and Digital Information Bill (No. 2) (the “Bill“) being introduced to Parliament on Wednesday 8 March. The Bill supersedes a previous version that was originally published in July 2022 (see our previous legal update).…
Illinois Supreme Court’s Most Recent BIPA Decision Exponentially Increases Potential Exposure for Businesses
In what is becoming a pattern, the Illinois Supreme Court recently issued another decision interpreting the Biometric Information Privacy Act (“BIPA”) to expand potential liability for businesses. The court held in Cothron v. White Castle that each time a business collects or discloses an individual’s biometric data without first obtaining BIPA-compliant consent, a separate claim…
UK Cybersecurity and Incident Response – The Outlook for 2023
Following on from our alert in relation to technology, data privacy, cybersecurity and IP legal developments to look out for in 2023, this update outlines some of the potential developments and trends in the UK cyber incident response landscape for 2023.
Increased litigation risk for cyber breach victims – the Information Commissioner’s Office begins naming …
European Commission Publishes U.S. Draft Adequacy Decision
On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed…
ICO’s Updated Guidance on International Personal Data Transfers Offers an Alternative Approach to Carrying Out Transfer Risk Assessments
The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.
All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using…
Health Data: European Commission Proposes New Rules on Access and Use
The European Commission’s proposal to establish a European Health Data Space (“EHDS”) aims to improve access by individuals to their health data (primary use) and facilitate the re-use of health data for societal good across the European Union (secondary use).
While the draft EHDS regulation might easily get lost in an alphabet of…
ROPA Template Proposal for Small Processing Agents
Technical Note No. 33/2022, published by the Brazilian Data Protection Authority (ANPD), proposes a template for a Record of Personal Data Processing Activities (ROPA) for small processing agents, whether controllers or processors.
The proposed template is under public consultation until December 4, 2022, with a definitive version expected to be published in 2023.…
Webcast: Data Privacy & Cybersecurity: Spotlight on the Board and C-Suite for Global Data Innovation
With the cybersecurity landscape evolving ever more rapidly, and the threats to businesses’ critical information and assets—as well as to their bottom lines—are only increasing. Breaches continue to grow in scale and sophistication, regulators are crowding the field with an expanding and shifting array of requirements and de facto standards, and litigation remains perilous. Now,…
California Issues Revisions to Proposed CPRA Regulations
The California Privacy Protection Agency (“the Agency”) announced October 17, 2022, proposed modifications to the draft regulations for the California Privacy Rights Act (CPRA) that were published on July 8, 2022. The draft regulations expanded on the text of the CPRA setting out a number of additional requirements regarding obtaining consumer consent, supporting the exercise…