Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Category Archives: Data Protection & Privacy

Posted in Consumer Privacy, Data Protection & Privacy, Policy & Regulation, TMT2020 Mark BrennanSean Spivey

Commerce Secretary Ross to FCC: Overbroad TCPA Rules Could Have a “Devastating” Impact on Federal Agencies and the 2020 Census

As we head towards 2020, it’s time once again for the decennial U.S. national Census – one of the broadest data collections that the United States federal government undertakes to learn more about its citizens, recalibrate Congressional districts, allocate public funding, and deliver critical public services. But the government’s ability to conduct the upcoming Census is under threat from an … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, International/EU privacy, Policy & Regulation, privacy and security litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019?

2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the … Continue Reading

Posted in Advertising, Data Protection & Privacy, Digital Single Market (EU) Christelle Coslin

Hosting providers of websites are not as such data controllers and only incur limited liability, French Court of Appeal says

In a decision dated March 1st, 2019, the Paris Court of Appeal reminded that specific conditions must be met for hosting providers to be held liable in case of unlawful content. The French court also ruled that hosting providers are not data controllers per se and, as such, are not subject to obligations under the Data Protection Act.

In this … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Ewa KacperekWeronika Wolosiuk

First Fine Imposed by the Polish DPA Under the GDPR

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR).

This is the first fine imposed by the Polish DPA under … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

Privacy and Cybersecurity April 2019 Events

Please join us for our April events.

April 2                             Trust in data, no longer a luxury?
Nicola Fulford and James Denvil will speak at the workshop,” Trust in data, no longer a luxury – Privacy, security, and consumer trust for 21st century,” at the Luxury Law London Summit. They will discuss some of the challenges of succeeding in a data-driven … Continue Reading

Posted in Data Protection & Privacy, Internet, Policy & Regulation

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the … Continue Reading

Posted in Consumer Privacy, Data Protection & Privacy, Policy & Regulation Mark BrennanSarah K. Leggin

Assessing the Evolving U.S. Privacy Landscape and the Road Ahead

New proposals to protect consumer privacy in the U.S. seem to be appearing every day. There are now more than 90 privacy proposals that federal, state, and local regulators and policymakers are considering as privacy continues to dominate the news cycle. Hogan Lovells partners Mark Brennan and Nicola Fulford led a panel of industry stakeholders at the INCOMPAS Policy Summit … Continue Reading

Posted in Data Protection & Privacy, intellectual property, Policy & Regulation, Technology

Consumer Horizons 2019 – IP in the mix

The Consumer industry is evolving at lightning speed, and the way consumer companies operate is shifting. From issues in supply chain to the digitalization of the consumer experience, companies are rapidly changing to keep up with consumer demands. Last year businesses in the consumer industry saw a wave of unprecedented disruption and transformation, and 2019 promises challenges of similar or … Continue Reading

Posted in Data Protection & Privacy, Entertainment & Content, Internet Penny ThorntonLucy AdelmanJamie Pollock

UK House of Lords Select Committee calls for a Digital Authority to regulate the online world

On 9 March 2019, the House of Lords Select Committee on Communications published its report on “Regulating in a digital World”. It included a number of recommendations to the government, including 10 guiding principles for the development of regulation online, a new public interest test for data driven mergers and a new Digital Authority, to oversee regulation of the digital … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, privacy and security litigation Eduardo Ustaran

EDPB Joins the Dots of ePrivacy and GDPR

On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).

The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority States Cookie Walls Violate GDPR

On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website until he or she consents to the placing of tracking cookies or similar technologies.

Under current Dutch cookie law, functional … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Dr. Christian TinnefeldDr. Henrik Hanßen

GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection

Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellChristine Gateau

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Timothy TobinHarriet PearsonMark BrennanBret Cohen

California DoJ Sets March 8 Deadline for CCPA Pre-Rulemaking Comments

The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline.

Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to … Continue Reading

Posted in Data Protection & Privacy Jakub BaczukEwa Kacperek

Poland: credit scoring in danger?

A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm).

The draft act contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.

Particular controversy has … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, Technology Winston MaxwellJohn Salmon

EU: Are blockchain and data protection incompatible?

Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law.

This updated version of our guide puts forward our views on this question, offering a more … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Licensing, Policy & Regulation, Technology Winston MaxwellMark BrennanArpan Sura

Hogan Lovells publishes Demystifying the U.S. CLOUD Act

Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.

Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura.

The report … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Drones, Internet, Policy & Regulation, Technology Mark Parsons

Privacy, Cybersecurity, and the Internet of Things in Asia: What to Expect in 2019

Increasing numbers of initiatives, devices, and solutions related to the Internet of Things (IoT) are substantially impacting the development of cybersecurity and data privacy regulations throughout Asia. After the implementation of the General Data Protection Regulation (GDPR) in Europe, for example, Asian lawmakers are considering strengthening their own data protection laws. The region is also characterized by a push in … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation

Are You Ready for Brazil’s New Data Protection Law?

The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection … Continue Reading

Posted in Data Protection & Privacy, Drones, Internet, Policy & Regulation, Spectrum, Technology Michele FarquharTimothy TobinMark Parsons

The Internet of Things Webinar Series: 2018 in a nutshell and what 2019 has in store for IoT

On 18th December we hosted the final instalment in our Internet of Things Webinar series for 2018 (more to come in 2019!). Michele Farquhar, Tim Tobin, Mark Parsons, and Valerie Kenyon provided a round-up of the hot topics from 2018, including key regulatory and legal developments in the U.S., Europe, and Asia, in areas such as connected vehicles, drones, smart … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Christine GateauMichelle KisloffAdam Cooke

Going global: Data class actions make their way to the EU

Class actions have become an increasingly common means to seek redress in data privacy cases. With data breaches and data privacy claims on the rise, we asked our lawyers in France and the U.S. what you should bear in mind.

How real is the risk of class actions in data privacy?

Michelle Kisloff, U.S.: Class actions have long been … Continue Reading

Posted in Advertising, Data Protection & Privacy, Policy & Regulation Julian Flamant

Digital Media Company Agrees to $4.95 Million COPPA Penalty in Settlement with NYAG

On December 4, 2018, the New York Attorney General (NYAG) announced that Oath Inc., which was known until June 2017 as AOL Inc. (AOL), has agreed to pay a $4.95 million civil penalty to settle allegations that AOL’s ad exchange practices violated the Children’s Online Privacy Protection Act (COPPA). The $4.95 million penalty is the largest ever assessed by any … Continue Reading