Thank you to everyone who participated in the Hogan Lovells webinar “Russia Data Localization Update: New Details Emerge from Meetings with Russian Regulator” on 2 April 2015. This update follows an October 2014 presentation that outlined Russia’s newly enacted Data Localization Law. In this webinar, Hogan Lovells privacy and data protection attorneys Natalia Gulyaeva and Bret Cohen provided insight into the expectations of Russian regulators as the September 2015 implementation deadline approaches.
To access the a copy of the slide deck, click here.
To access the recorded webinar, click here (1 hr 17 mins — the webinar will start to play automatically).
Stay tuned to the blog for future updates on the law, including any future formal guidance from the Russian government.
Adblocking is an increasingly wide-spread phenomenon with huge impact on the online advertising industry. The best known and by far most popular adblocking tool is AdBlock Plus, marketed by the German company Eyeo GmbH. AdBlock Plus is among the most frequently downloaded browser add-ons worldwide, with over 144 million active users reported in 2014 (Source: Page Fair and Adobe 2014 report). AdBlock Plus allows Internet users to decide which advertising content they want to have appear on their screens. The software comes with a pre-selection of blacklisted and whitelisted websites and, by default, users of AdBlock Plus only see advertising content that has been whitelisted by Eyeo. Users are free, in theory, to set their own preferences, but most will probably stick with the default setting.
On 1 April 2015, President Obama signed an Executive Order authorizing the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities constituting a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.
Read More: Executive Order Authorizes Economic Sanctions as New Tool for U.S. Cyber Defense
On 29 March, the Hong Kong Privacy Commissioner for Personal Data (the “Commissioner“) published a guidance note that supplements previous guidance on the use of closed circuit television systems and for the first time addresses the increasing use of unmanned aircraft systems (“UAS“, or, more popularly, “drones”). The Commissioner’s guidance is the first significant regulatory engagement on the use of UAS by a Hong Kong regulator.
The guidance is timely, as the potential commercial applications for UAS are now becoming more fully understood and are clearly vast, ranging from infrastructure maintenance, crop management and security through to the more headline catching possibilities of delivery of consumer products to your doorstep.
Click here for full version
The National People’s Congress (“NPC“) of the People’s Republic of China (“China” or “PRC“) issued a draft Anti-Terrorism Law (the “Draft Law“) for public comment on 3 November 2014. As of the end of February 2015, the Draft Law had moved into its second draft but the revised draft is not yet in the public domain. As of the date of this writing, deliberations on the Draft Law are ongoing, notwithstanding media speculation that it had been dropped.
One of the points that is striking about the Draft Law is that at no point does it define “terrorism,” leaving the interpretation of this to the Chinese authorities (but the concept will no doubt encapsulate domestic as well as external threats).
The Draft Law, in its published first draft form, requires providers of telecommunications services (i.e., basic and value-added telecoms services providers) (电信业务经营者) (“Telecoms Service Providers“) and providers of Internet services “互联网服务提供者” (“Providers of Internet Services“) within China to actively cooperate with government authorities in their fight against terrorism. It mandates, among other things:
The following piece, written by the Hogan Lovells privacy team, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on March 31. The post, Data Security and Breach Notification Legislation Gaining Traction in Congress, is reprinted in its entirety below with permission from the IAPP.
For more than a year now, we have been hearing that the spate of highly-publicized data breaches could lead to federal data security and data breach legislation. On March 25, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade took action that brings us closer to seeing that prediction become a reality. In this post, we take a closer look at the bipartisan legislation approved by the subcommittee—the Data Security and Breach Notification Act of 2015 (DSBN) — and discuss five key provisions that are likely to be at issue as the legislation moves forward.
Hogan Lovells has just published the April edition of its Global Payments Newsletter containing the latest updates on payment technology and policy-related developments from around the world. Notable items in the April edition include:
- the establishment of the Payments Systems Regulator in the UK to promote competition and innovation in payment systems;
- the development of biometric facial recognition technology by Microsoft and Alibaba for authenticating digital payments; and
- the resumption of informal trialogue talks on the proposed EU network and information security Directive.
To view a PDF of the full Newsletter please click here. You can also follow us on Twitter at @HLPayments for regular news and updates.
On March 16, the U.S. Commerce Department’s Internet Policy Task Force (IPTF) published a Request for Public Comment for input on the key cybersecurity issues affecting the digital ecosystem and digital economic growth. The IPTF aims to coordinate and facilitate consensus-based multistakeholder processes to generate collective guidance and identify best practices. Through this effort, the IPTF seeks to broaden the focus of federal cybersecurity efforts beyond securing critical infrastructure. A number of key cybersecurity challenges have been identified in the Request for Public Comment, and the IPTF is inviting commenters to highlight other topic areas that the IPTF should consider including as part of this process.
The IPTF announcement is the latest in a series of activities following White House Executive Order 13636, which called upon the Commerce Department to work with industry to develop a framework to improve cybersecurity practices, and to undertake a study on incentives to encourage private sector adoption of cybersecurity protections. In February 2014, the National Institute of Standards and Technology (NIST), also part of the Commerce Department, released the Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 (Cybersecurity Framework). The Cybersecurity Framework offers organizations a guide for understanding and implementing appropriate cybersecurity protections, and NIST continues to monitor use of the Framework and consider additional guidance or updates.
With the release of this Request for Public Comment, the IPTF proposes to facilitate one or more multistakeholder processes around key cybersecurity issues. Potential outcomes would vary by the issue discussed, but could include voluntary policy guidelines, procedures, or best practices. Organizations will be free to choose whether to participate in any resulting code of conduct or standards.
The IPTF has identified a number of key cybersecurity topics for potential inclusion in these multistakeholder processes:
Recently, new rules on cookies (all links in Dutch) came into force in the Netherlands. In addition, the Dutch Second Chamber approved a draft bill to introduce a mandatory data breach notification requirement and to strengthen the Dutch Data Protection Authority’s investigative and fining powers. The new rules apply to all companies acting as a “data controller” within the meaning of the Dutch Data Protection Act. The Dutch First Chamber has announced that it plans to review this draft bill as soon as possible.
New rules on cookies
The most significant change is the introduction of a lighter regime for cookies that (a) are used to gather information on the quality and effectiveness of a requested service; and (b) have little or no effect on the privacy of the user of the service. For these cookies (e.g. analytic cookies, affiliate cookies and a/b testing cookies), the standard requirements for cookies (informing the user and obtaining consent) are no longer required.
Background of the case
A toothpaste television advertisement was hit with a record fine of RMB 6.03 million (approximately US$0.96 million) for violating the Advertising Law in China.
According to a recent report from the Shanghai AIC published last week, the television advertisement showed a Taiwanese celebrity showing off her teeth and boasting that they were visibly whiter after just one day of using the toothpaste. The AIC found that the alleged visual “whitening” effect in the advertisement was a result of computer editing, as opposed to the actual effect of the product.
The AIC did not mention whether there were any aggravating factors which justified this record fine. However, this decision is certainly in line with the recently proposed changes to the Advertising Law, which aim to root out false advertising in China. The draft changes are now undergoing what is believed to be the final round of review by the Chinese Government and could become law shortly. The proposed amendments, if enacted, would have wide-ranging implications on all advertising activities in China and on all stakeholders (including brand owners, advertising companies, and endorsers). Here is a snapshot of the major proposed changes to the Advertising Law and their likely ramifications: Continue Reading