Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Timothy Tobin

Posts by Timothy Tobin
Posted in Policy & Regulation Photo of Timothy TobinPhoto of Mark Brennan

New Nevada Privacy Law With “Sale” Opt-Out Right Will Take Effect Before the CCPA

Nevada has a new privacy law. On May 29, Nevada Governor Steve Sisolak signed Senate Bill 220 (SB-220) into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. The act, which amends an existing online privacy notice law, is significantly narrower than the California Consumer Privacy Act (CCPA). It applies only to online activities, defines “consumer” and “sale” in a much more limited manner than the CCPA, and includes broad exceptions for financial institutions subject

Posted in Data Protection & Privacy, Policy & Regulation Photo of Timothy TobinPhoto of Harriet PearsonPhoto of Mark BrennanPhoto of Bret Cohen

California DoJ Sets March 8 Deadline for CCPA Pre-Rulemaking Comments

The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline. Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to further the purposes of the CCPA. The CCPA sets out seven specific areas for AG rulemaking: Updating as needed the categories of personal information expressly enumerated in the definition of

Posted in Data Protection & Privacy, Drones, Internet, Policy & Regulation, Spectrum, Technology Photo of Michele FarquharPhoto of Timothy TobinPhoto of Mark Parsons

The Internet of Things Webinar Series: 2018 in a nutshell and what 2019 has in store for IoT

On 18th December we hosted the final instalment in our Internet of Things Webinar series for 2018 (more to come in 2019!). Michele Farquhar, Tim Tobin, Mark Parsons, and Valerie Kenyon provided a round-up of the hot topics from 2018, including key regulatory and legal developments in the U.S., Europe, and Asia, in areas such as connected vehicles, drones, smart phones, medical devices, and many more. They also provided an insightful look into what developments and changes 2019 has in store. Please click here to listen to the webinar recording.

Posted in Data Protection & Privacy Photo of Timothy Tobin

California Consumer Privacy Act: The Challenge Ahead – CCPA and Employee Data

This is the seventh installment in Hogan Lovells’ series on the California Consumer Privacy Act. The application of the California Consumer Protection Act of 2018 (“CCPA”) to employee data has been the subject of much debate since the first version of the bill was introduced on June 21, 2018 (just days prior to its enactment on June 28). Under a plain language reading of the CCPA, the law likely applies to employee data. However, it is unclear whether the California legislature intended that result. There is no clarity to be

Posted in Data Protection & Privacy, Policy & Regulation Photo of Timothy TobinPhoto of Paul Otto

California Passes First-Of-Its-Kind Law Focussed on Internet of Things Cybersecurity

Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, use, modification, or disclosure.” This legislation was prompted by what the bill’s sponsor viewed as a “lack of security features on internet connected devices undermin[ing] the privacy and security of California’s consumers.”

Posted in Data Protection & Privacy, Policy & Regulation Photo of Mark BrennanPhoto of Harriet PearsonPhoto of Bret CohenPhoto of Timothy Tobin

Now Available: California Consumer Privacy Act: What you need to know now webinar recording and slides

Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.” In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed: • What triggered the new law? • What data is covered? • What does CCPA require, and how do you start operationalizing the requirements? • Disclosure requirements • Opt-out and opt-in requirements • Data access, portability, and “right to delete” requirements • What’s the impact on your GDPR compliance program-what additional steps do

Posted in Data Protection & Privacy, Policy & Regulation Photo of Mark BrennanPhoto of Bret CohenPhoto of Harriet PearsonPhoto of Timothy Tobin

Webinar Invitation – California Consumer Privacy Act: What you need to know now

On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR).  Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them. Please join members of the Hogan Lovells global privacy team to arm yourself first-hand with insights about: What triggered the new law? What data is covered? What does the CCPA require,

Posted in Data Protection & Privacy, Policy & Regulation Photo of Mark BrennanPhoto of Timothy Tobin

California Enacts Sweeping New Comprehensive Privacy Legislation

California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that collect personal information about California consumers and aims to create significant new consumer privacy rights. In doing so, it creates significant new obligations for businesses. The new law was a fast-tracked effort

Posted in Cybersecurity, Data Protection & Privacy Photo of Timothy TobinPhoto of Winston Maxwell

Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture. Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles

Posted in Data Protection & Privacy, Technology Photo of Timothy TobinPhoto of W. James Denvil

Navigating the Road Ahead: Auto Industry Stakeholders and Regulators Convene to Discuss Connected Vehicle Privacy

In the same week that the automotive industry gathers in Washington, D.C. for the 2018 Washington Auto Show, a cross-section of automotive stakeholders, government officials, and consumer and privacy advocates came together at Hogan Lovells’ Washington office to discuss privacy issues facing connected vehicles. The half-day conference, co-hosted by Hogan Lovells and the Future of Privacy Forum, convened on January 23, with the theme of “Privacy and the Connected Vehicle: Navigating the Road Ahead.” Panels focused on the privacy landscape surrounding automobiles and connectivity generally, regulatory developments and areas of government interest,

Posted in Data Protection & Privacy Photo of W. James DenvilPhoto of Timothy Tobin

FTC and NHTSA to Explore Vehicle Privacy and Security Issues

The Federal Trade Commission (FTC) and National Highway Traffic Safety Administration (NHTSA) are co-hosting a workshop on June 28, 2017, to explore the privacy and security issues raised by automated and connected vehicle technologies. The agencies are looking to explore the types of data such technologies collect, store, transmit, and share; the potential benefits and challenges posed by the technologies; the privacy and security practices of vehicle manufacturers; the roles that federal agencies should play in regulating privacy and security issues; and how self-regulatory standards apply to connected vehicle privacy

Posted in Internet, Telecoms & Broadband Photo of Paul OttoPhoto of Timothy Tobin

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies

Posted in Data Protection & Privacy, Technology Photo of Timothy TobinPhoto of Winston Maxwell

European Commission Outlines Data Sharing Strategy for Connected Vehicles

Connected vehicles today are rolling computers able to exchange information wirelessly with manufacturers, other vehicles, and third party service providers to significantly improve safety, efficiency, and comfort for drivers.  Many entities are interested in the data these connected vehicles generate and transmit.  These entities include dealers and repair shops, vehicle fleet service providers, end-users, infrastructure operators, diagnostics providers, researchers, financial services companies and insurance companies.  The European Commission and industry actors in Europe, while recognizing the challenges of wide-spread deployment of these technologies, have taken further steps to develop a

Posted in Data Protection & Privacy Photo of Logan BreedPhoto of Timothy TobinPhoto of Meghan Rissmiller

FTC Issues Sharing Economy Report

In June 2015, the Federal Trade Commission (FTC) held a workshop on The “Sharing” Economy: Issues Facing Platforms, Participants, and Regulators. The Commission also solicited public comments on the topic, receiving more than 2,000 comments in response. On 17 November, the Commission issued a report summarizing the issues explored in the workshop and the public comments. The report emphasized that the workshop (and its ensuing summary) was not intended “as a precursor to law enforcement” but “an opportunity to learn more” about this rapidly evolving business model and to aid

Posted in Data Protection & Privacy Photo of Timothy TobinPhoto of Katherine Gasztonyi

FTC Seeks Public Comment on Safeguards Rule

On 29 August the FTC announced a request for public comment on the Standards for Safeguarding Consumer Information Rule (the Safeguards Rule). The FTC promulgated the Safeguards Rule in 2002, implementing Title V of the Gramm-Leach-Bliley Act (GLBA), which required federal agencies to establish standards for the administrative, technical, and physical safeguards employed by financial institutions for certain information. In addition to general requests for comment, the FTC requested that five specific issues be addressed, which we have outlined below. Comments are due by November 7, 2016. The Safeguards Rule The

Posted in Data Protection & Privacy Photo of Winston MaxwellPhoto of Timothy Tobin

ENISA Jumpstarts Connected Car Cybersecurity Study for EU

With attention to connected car cybersecuity issues increasing globally, the European Union Agency for Network and Information Security (ENISA) is leading the EU’s first bloc-wide initiative to identify cybersecurity rules of the road for connected cars. On July 13, ENISA announced a study aimed at creating a comprehensive list of cybersecurity policies, tools, standards, and measures to enhance security in next-generation automobiles. ENISA will include interviews with relevant stakeholders like car manufacturers and Tier 1 and 2 suppliers and solicit feedback on its findings at an open workshop October 10 in

Posted in Data Protection & Privacy, Policy & Regulation Photo of Timothy TobinPhoto of W. James Denvil

Second Circuit Holds That U.S. Cannot Compel By Warrant Microsoft’s Production of Emails Stored Outside of U.S., Citing The Stored Communications Act’s Privacy Protections and Lack of Extraterritorial Effect

A three-judge panel of the U.S. Court of Appeals for the Second Circuit today unanimously reversed a lower court’s denial of Microsoft’s motion to quash a warrant seeking the content of emails for a customer of its Outlook.com email service.  The decision is surprising in that that U.S. courts, including the Second Circuit, have traditionally enforced government process seeking documents or data stored abroad from entities that have control over the information under the test of “control, not location.”  See In the Matter of a Grand Jury Subpoena Directed to

Posted in Data Protection & Privacy, Policy & Regulation, Telecoms & Broadband Photo of Timothy TobinPhoto of Mark BrennanPhoto of Michele FarquharPhoto of Julie Brill

NTIA Commences Internet of Things Proceeding

On April 5, 2016, the National Telecommunications and Information Administration (NTIA) initiated an inquiry to review the potential benefits and challenges presented by the Internet of Things (IoT). In its Notice and request for public comment (RFC), NTIA is seeking input on the current IoT technological and policy landscape with a goal of developing recommendations—in the form of a Green Paper—as to whether and how the federal government should play a role in fostering the advancement of IoT technologies. Comments are due on or before May 23, 2016 at 5:00

Posted in Data Protection & Privacy Photo of Timothy TobinPhoto of Harriet PearsonPhoto of Katherine Gasztonyi

CFPB Dives Into Data Security Enforcement

On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) announced its first data security enforcement action in the form of a Consent Order with online payment platform Dwolla, Inc.  The five-year Consent Order is based on CFPB allegations that Dwolla engaged in deceptive acts and practices by misrepresenting to consumers that it had “reasonable and appropriate data security practices.”  Dwolla neither admitted nor denied that it engaged in data security misrepresentations.  The CFPB fined Dwolla $100,000, enjoined it from making further misrepresentations, and is requiring that it develop a

Posted in Data Protection & Privacy Photo of Timothy TobinPhoto of Katherine Gasztonyi

FDIC Publication Emphasizes Framework for Cybersecurity

Earlier this month, the Federal Deposit Insurance Corporation’s (FDIC) Division of Risk Management Supervision released “A Framework for Cybersecurity” in its Winter 2015 issue of Supervisory Insights. The FDIC article outlines the current and evolving cyber threat landscape and identifies the challenges presented by these threats as “critical” to financial institutions. The article describes regulatory steps the FDIC has taken and also how banks should incorporate cybersecurity into their overall risk management framework. The article is helpful for understanding the FDIC’s cybersecurity focus and the issues upon which it expects

Posted in Data Protection & Privacy Photo of H. Deen KaplanPhoto of Harriet PearsonPhoto of Timothy Tobin

New York Department of Financial Services Previews Rigorous Cybersecurity Rules for Financial Sector

On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC). The FBIIC members work together to enhance the reliability and security of financial sector infrastructure. Mr. Albanese’s letter outlines potential new cybersecurity regulations that would impact NYDFS-regulated financial institutions. The letter, which follows numerous steps taken by the NYDFS in recent years to better understand and mitigate

Posted in Data Protection & Privacy Photo of Timothy TobinPhoto of Tim Wybitul

European Commission Issues Opinion on Safe Harbor after Schrems

On November 6, 2015, the European Commission issued its widely anticipated Communication to the European Parliament and Council about the effect of the Court of Justice of the European Union’s (CJEU) Schrems decision, which invalidated the U.S.-EU Safe Harbor framework.  The Commission expresses a commitment to negotiate with the U.S. Government a new framework for cross-border transfers of personal data.  The Commission also emphasizes that the Communication does not have binding legal effect, but concludes that: