Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Category Archives: Data Protection & Privacy

Posted in Cybersecurity, Data Protection & Privacy, Internet of Things, Policy & Regulation, Technology

Webinar: The impact of California Privacy and Cybersecurity law on IoT in the home

We are pleased to invite you to the next webinar in our Internet of Things series, focusing on the impact of the following California (and other) laws on IoT offerings: California Consumer Privacy Act (CCPA) The new California Privacy Rights and Enforcement Act (CPRA) The California IoT security bill California and other privacy laws have a significant impact on consumer applications and devices for home-based use. Through representative use cases in the following areas, attorneys in our top-rated Hogan Lovells Privacy and Cybersecurity practice will discuss strategies for building and

Posted in Cybersecurity, Data Protection & Privacy

Upcoming privacy and cybersecurity events – October

Please join us for our October 2020 events October 21-23 Mark Brennan will be leading a panel at the virtual Fall Academy 2020 Privacy + Security Forum, where he will be joined by other seasoned experts for deep-dive sessions with practical takeaways. October 22 Bret Cohen will be part of the recording for “We Love You, You’re Perfect, Now Change: Stories of Data Protection in M&A”, an IAPP installment where speakers will discuss privacy, security, and risk. The recording will be made available online. October 23 Tim Tobin and Bret Cohen will be joined by Jared Bomberg, Senior

Posted in Data Protection & Privacy Photo of Elisabethann Wright

Belgian DPA Issues Guidance on Temperature Measurements in the Context of COVID-19

In the context of their return-to-work policies companies are seeking solutions to detect individuals with fever at the entrance of their premises with the aim of preventing further contamination within the buildings. This can be achieved by means of conventional thermometers, digital fever scanners directed at the forehead of the person, or sophisticated thermal camera systems. The Belgian Data Protection Authority has issued a guidance in which it adopts a strict position regarding the implications of temperature screenings for individuals’ data privacy rights. More specifically, it provides that the simple

Posted in Data Protection & Privacy

Facial Recognition Challenged by French Administrative Court

In a decision (French only) dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed to set up, on an experimental basis, a facial recognition mechanism in two high schools in order to (i) better control and speed up entry of students into the high schools and (ii) control access to premises of occasional visitors. This decision is important as this is the first administrative court decision in France about facial recognition. Since the GDPR entered into force, it

Posted in Data Protection & Privacy Photo of Eduardo UstaranPhoto of Lilly Taranto

Making COVID-19 Apps Data Protection Compliant

The role of COVID-19 contact tracing apps in the exit strategy of the current lockdown that is gripping much of the world is increasingly becoming a focus of attention. While that role is being hotly debated, it is very likely that those apps in combination with other measures will be deployed across many countries. Until now and despite the calls by influential bodies such as the European Data Protection Supervisor for a coordinated approach to the development of single COVID-19 mobile app involving the World Health Organization, different countries have

Posted in Advertising, Data Protection & Privacy, Technology

Webinar Invitation — AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy

Join Hogan Lovells and Ankura to learn about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice by senior directors from Ankura to share best practices and their perspectives. Program topics will include: Cookies and Similar Tracking Technologies Defined How cookies and similar tracking technologies support and enhance digital services, including advertising Types of cookies (are your cookies strictly necessary or for marketing purposes?) Ways in which consumers’ digital activities are shared throughout the digital advertising

Posted in Data Protection & Privacy Photo of Katie McMullanPhoto of Eduardo Ustaran

Getting Customer Communications Right in Times of Coronavirus

Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. With all of the cancellations, postponements, and alternative arrangements that are required as a result of this global crisis, plus the special desire of all retail, travel, and other consumer-facing businesses to stay in touch with their customers, many organisations face the critical challenge of getting to grips with the legal rules that apply to those unsolicited communications and interactions. Privacy

Posted in Data Protection & Privacy, Internet, Policy & Regulation Photo of Ewa KacperekPhoto of Weronika Wolosiuk

A summary of polish legislation and of the guidelines of authorities concerning covid-19 in the context of data protection

To meet your questions and concerns related to maintaining the principles of personal data protection in the face of the global COVID-19 pandemic, we have prepared a short guide to the key legal regulations and guidelines of authorities that you should keep in mind not only when conducting business and professional activity but also in everyday life. 1.         COVID-19 Act Decisions, orders, recommendations and guidelines addressed to legal entities and entrepreneurs The Act of 2 March 2020 on special solutions related to the prevention, counteracting and combating of COVID-19, other

Posted in Data Protection & Privacy, Policy & Regulation

Brexit and Data Protection: Boom for data centre operators in Continental Europe?

Data centre operators in Europe could benefit from Brexit and have already been preparing for years for precisely this scenario, including by expanding such data centre capacities in Continental Europe. The United Kingdom (UK) finally left the EU on 31 January 2020. The withdrawal agreement provides for the UK to continue to be treated largely as an EU member state until the end of the transition period on 31 December 2020, while both sides work out the future rules for cooperation. For the period after this, current prime Minister Boris

Posted in Data Protection & Privacy, Telecoms & Broadband Photo of Mark BrennanPhoto of Arpan SuraPhoto of Kathryn Marshall Ali

Webinar | New TRACED Act and Robocall Year in Review: What you need to know

It was a very busy year on the robocall front, and on 30 December 2019, President Trump signed into law the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act (S. 151), which the House and Senate passed by wide, bipartisan margins earlier this year. The TRACED Act is the most significant robocall legislation in years. It requires the Federal Communications Commission (FCC) to take steps to improve call verification, reduce the number of illegal robocalls, and enhance the federal government’s Telephone Consumer Protection Act (TCPA) enforcement efforts. Among

Posted in Cybersecurity, Data Protection & Privacy, Privacy and Security Litigation

Privacy and Cybersecurity November 2019 Events

Please join us for our November 2019 events. November 5 Your Body as Data Mark Brennan will speak on the panel, “Your Body as Data: Facial Recognition, Biometrics, and the Future of Privacy,” at the Columbus School of Law at The Catholic University of America. Location: Washington, D.C. November 5 2019 Data Protection Leadership Forum Eduardo Ustaran will speak during the session, “International Issues,” and will participate in a Q&A Session at the 2019 Data Protection Leadership Forum hosted by Arthur Cox. Location: Dublin November 20 IAPP Europe Data Protection Congress Eduardo

Posted in Artificial Intelligence, Blockchain, Copyright, Cybersecurity, Data Protection & Privacy, Intellectual Property, Internet, Policy & Regulation, Technology

A Turning Point for Tech – Global survey on digital regulation

Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s launch at Hogan Lovells’ London Office, editor of the survey, Falk Schoening uncovered the 452 digital regulations that had been proposed across 16 jurisdictions in just six months of monitoring. The report aims to provide insight for what is on the horizon for tech companies, giving them a ‘heads up’ on how they should look at their business models

Posted in Data Protection & Privacy

Privacy and Cybersecurity October 2019 Events

Please join us for our October Events. October 15 Privacy + Security Forum Bret Cohen is a speaker on the panel “The Notice Trap: When and How to ‘Inform,’ Provide ‘Explicit Notice,’ and ‘Disclose’ Under the CCPA” at the Privacy + Security Academy’s Privacy + Security Forum. Location: Washington, D.C. October 15 Privacy + Security Forum Pete Marta is a speaker on the panel, “Best Practices for Preparing a Ransomware-Related Cyber Incident Response Plan,” at the Privacy + Security Academy’s Privacy + Security Forum. Location: Washington, D.C. October 15 Privacy + Security Forum Tim Tobin is a speaker on the

Posted in Cybersecurity, Data Protection & Privacy Photo of Paul OttoPhoto of W. James DenvilPhoto of Julian Flamant

New York Enacts New Data Security Laws

On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding the scope of information covered by New York’s data breach notification law; defining breaches to include incidents involving unauthorized access to covered information, even where the information is not acquired; and requiring consumer reporting agencies who suffer breaches of social security numbers to offer up to 5 years of identity theft services. Businesses maintaining the private

Posted in Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Telecoms & Broadband Photo of Mark BrennanPhoto of Adam CookePhoto of Alicia PallerPhoto of Joseph J. Cavanaugh

Ill-Suited: Private Rights of Action and Privacy Claims

“For years, the plaintiffs’ bar has conjured multibillion-dollar class action lawsuits out of largely intangible privacy harms. This wave of litigation is increasingly driven by federal and state statutes that include private rights of action and allow for excessive statutory damages. Given the willingness of some courts to let cases proceed despite a lack of allegations or evidence of concrete harm, this litigation trend shows no sign of abating.” The U.S. Chamber of Commerce Institute for Legal Reform has published “Ill-Suited: Private Rights of Action and Privacy Claims,” a white

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation

Privacy and Cybersecurity KnowledgeShare event: Sept 19, London

Join us on Thursday 19 September for our Privacy and Cybersecurity KnowledgeShare in London. We’ll share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops. Topics will include: Nailing the basics – Fast insights into key issues such as lawful grounds for processing, people’s rights and DPIAs. Enforcement – What the risk-based approach truly means. Privacy challenges of the digital economy – AI,

Posted in Data Protection & Privacy

Now Available: Webinar – Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies

We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S.  This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy. On June 19, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen discussed in great detail the impact of the law, explained key definitions, and offered practical guidance on how to navigate it during the webinar, “Operationalizing the California Consumer Privacy Act.” More

Posted in Cybersecurity, Data Protection & Privacy, Intellectual Property Photo of Andrew McGinty

China’s first Data Protection Measures lifting its veils

On May 28, 2019, the Cyberspace Administration of China released the draft Measures on the Administration of Data Security (“Data Security Measures“, see our in-house English translation here) for public consultation. These Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces of legislations and standards, such as the Cyber Security Law, the E-Commerce Law, the Consumer Rights Protection Law as well as the Personal Information Security Specification, the most comprehensive yet non-binding national standard

Posted in Cybersecurity, Data Protection & Privacy, Internet

Privacy and Cybersecurity June 2019 Events

Please join us for our June events. June 4 Privacy Breakfast Paul Otto and Tim Tobin are presenting at the Hogan Lovells Munich office’s privacy breakfast, “EU General Data Protection Regulation,” on privacy topics such as the California Consumer Privacy Act (CCPA), cybersecurity and data breaches, and sector-specific issues found in the life sciences and health care, automotive, and financial sectors. Click here to register. Location: Munich, Germany June 25-26 National Association of College and University Attorneys Bret Cohen and Stephanie Gold are presenting at the annual conference of the National Association of College and University Attorneys on the panel, “Focus

Posted in Artificial Intelligence, Data Protection & Privacy Photo of Mark BrennanPhoto of Bret CohenPhoto of Filippo Raso

NIST Seeking Input on AI Technical Standards by May 31, 2019

On May 1, 2019, the National institute of Standards and Technology (NIST) announced a Request for Information (RFI) in the Federal Register regarding ongoing efforts to develop technical standards for artificial intelligence (AI) technologies and the identification of priority areas for federal involvement in AI standards-related activities. Responses to the RFI are due by May 31, 2019. The RFI comes in response to President Trump’s Executive Order to Maintain American Leadership in Artificial Intelligence, which among other actions directs NIST to develop a plan to guide the federal government’s engagement

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke Bodewits

Will Widened Class Actions Regime Boost Data Litigation in the Netherlands?

On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. The Legislation introduces an option to claim monetary damages in a “US style” class action, including for violations of the GDPR. This Legislation together with the mechanisms already available under Dutch law put the Netherlands at the forefront of collective redress in Europe. The Legislation is expected to enter into force in July 2019 and will apply to events which took place on or after

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

The EDPB’s Narrow View of Contractual Necessity

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. The Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (adopted on April 9, 2019 and open for consultation until May 24, 2019) provide a detailed assessment of the regulator’s interpretation of the law. Article 6(1)(b) sets out one of the six possible lawful grounds for personal data processing under the European Union’s

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019? 2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the promulgation of an important GDPR-inspired national standard in China and the tabling of a draft data protection law in India that shares the same lineage. Rising public awareness of data