On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The
Surveillance
FCC Examination of Proposed Drone Operations Within the 5 GHz Band Moves Forward
In furtherance of a 2018 request from the Aerospace Industry Association (“AIA”), the Wireless Telecommunications Bureau (“Bureau”) of the US Federal Communications Commission (“FCC”) has resumed its examination as to how best to license unmanned aircraft systems (“UAS”) or drones. On August 20, the Bureau released a Public Notice1 seeking updated public input on…
ICO Offers Insight on Its Policy Around the Use of Live Facial Recognition in the UK
On 18 June 2021, the UK Information Commissioner published a Commissioner’s Opinion (the “Opinion”) on the use of live facial recognition (“LFR”) technology in public spaces. Public spaces are defined broadly and include any non-residential space. The Opinion sets out that there is “a high bar” for businesses to meet.…
Managing OT Cyber Risk: Lessons from the Front Lines
Cyber attacks continue to grow against the wide range of industries that rely on connected systems to manufacture products, monitor industrial processes, operate critical infrastructure and perform countless other sensitive processes. These attacks against industrial systems—generally referred to as “Operational Technology” (OT)—threaten to stop production, impair the integrity of safety-critical systems or even cause physical…
€35 Million Fine Issued Under GDPR for Employee Monitoring and IT Security Failings in Germany
During the COVID-19 pandemic, data privacy – and, in particular, employee data privacy – has been at the forefront of employers’ minds. In the last six months, employers across the globe have been required to give careful thought to a whole host of potential issues, from contact tracing apps to temperature and other health checks…
The Chamber of No Secrets: What Tech and Data/Content-Driven Companies Need to Know about the Hong Kong National Security Law
On 30 June 2020, the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region (NSL), was passed by the Standing Committee of the National People’s Congress in China and officially listed in Annex III of the Hong Kong Basic Law. It came into effect in Hong…
BIS Considering New Export Restrictions on Facial Recognition Devices and Other Biometric Surveillance Equipment
On July 17, 2020, the US Department of Commerce, Bureau of Industry & Security (“BIS”), published a Notice of Inquiry (“Notice”)1 seeking public comments on potential changes to items controlled for crime control and detection (“CC”) reasons under the Export Administration Regulations (“EAR”)2 and the related licensing requirements. Among other possible changes, BIS…
10 Commandments for Processing Personal Data Through Video Devices in the EU
On January 29, 2020, the European Data Protection Board (“EDPB”) released Guidelines 3/2019 on processing personal data through video devices (“Guidelines”). The Guidelines shed light on the EU General Data Protection Regulation (“GDPR”) requirements applicable to this type of processing.
While some might debate whether a supreme being is watching us, there is little doubt…
The UK High Court Finds Police Use of Automated Facial-Recognition Technology Permissible
On 4 September 2019, the High Court in England and Wales rejected a judicial review claim brought by Edward Bridges, a civil liberties campaigner (the “Claimant“) regarding the use of automated facial-recognition technology (“AFR“) by the Chief Constable of South Wales Police’s (“SWP“). The High Court dismissed claims that…
SEC’s OCIE Issues Risk Alert for Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P
On April 16, 2019, the staff from the Office of Compliance Inspections and Examinations (the “OCIE”) of the US Securities and Exchange Commission (“SEC”) published a Risk Alert describing privacy and related customer information safeguarding issues it has identified in recent examinations of registered investment advisers and broker-dealers (“Registered Entities”).1 These issues continue to…