Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Category Archives: Data Protection & Privacy

Posted in Data Protection & Privacy

Privacy and Cybersecurity October 2019 Events

Please join us for our October Events.

October 15
Privacy + Security Forum
Bret Cohen is a speaker on the panel “The Notice Trap: When and How to ‘Inform,’ Provide ‘Explicit Notice,’ and ‘Disclose’ Under the CCPA” at the Privacy + Security Academy’s Privacy + Security Forum.
Location: Washington, D.C.

October 15
Privacy + Security Forum
Pete Marta is a … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Paul OttoW. James DenvilJulian Flamant

New York Enacts New Data Security Laws

On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding the scope of information covered by New York’s data breach notification law; defining breaches to include incidents involving unauthorized access to covered information, even where the … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Telecoms & Broadband Mark BrennanAdam CookeAlicia PallerJoseph J. Cavanaugh

Ill-Suited: Private Rights of Action and Privacy Claims

“For years, the plaintiffs’ bar has conjured multibillion-dollar class action lawsuits out of largely intangible privacy harms. This wave of litigation is increasingly driven by federal and state statutes that include private rights of action and allow for excessive statutory damages. Given the willingness of some courts to let cases proceed despite a lack of allegations or evidence of concrete Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation

Privacy and Cybersecurity KnowledgeShare event: Sept 19, London

Join us on Thursday 19 September for our Privacy and Cybersecurity KnowledgeShare in London. We’ll share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.

Topics will include:

  • Nailing the basics –
Continue Reading
Posted in Data Protection & Privacy

Now Available: Webinar – Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies

We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S.  This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy.

On June 19, 2019, Hogan Lovells partners Mark Brennan and Bret CohenContinue Reading

Posted in Cybersecurity, Data Protection & Privacy, intellectual property Andrew McGinty

China’s first Data Protection Measures lifting its veils

On May 28, 2019, the Cyberspace Administration of China released the draft Measures on the Administration of Data Security (“Data Security Measures“, see our in-house English translation here) for public consultation.

These Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Internet

Privacy and Cybersecurity June 2019 Events

Please join us for our June events.

June 4
Privacy Breakfast
Paul Otto and Tim Tobin are presenting at the Hogan Lovells Munich office’s privacy breakfast, “EU General Data Protection Regulation,” on privacy topics such as the California Consumer Privacy Act (CCPA), cybersecurity and data breaches, and sector-specific issues found in the life sciences and health care, automotive, and financial … Continue Reading

Posted in Artificial Intelligence, Data Protection & Privacy Mark BrennanBret CohenFilippo Raso

NIST Seeking Input on AI Technical Standards by May 31, 2019

On May 1, 2019, the National institute of Standards and Technology (NIST) announced a Request for Information (RFI) in the Federal Register regarding ongoing efforts to develop technical standards for artificial intelligence (AI) technologies and the identification of priority areas for federal involvement in AI standards-related activities. Responses to the RFI are due by May 31, 2019.

The RFI … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy, Policy & Regulation Joke Bodewits

Will Widened Class Actions Regime Boost Data Litigation in the Netherlands?

On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. The Legislation introduces an option to claim monetary damages in a “US style” class action, including for violations of the GDPR. This Legislation together with the mechanisms already available under Dutch law put the Netherlands … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Eduardo Ustaran

The EDPB’s Narrow View of Contractual Necessity

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. The Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (adopted on April 9, 2019 and open for consultation until May 24, … Continue Reading

Posted in Consumer Privacy, Data Protection & Privacy, Policy & Regulation, TMT2020 Mark BrennanSean Spivey

Commerce Secretary Ross to FCC: Overbroad TCPA Rules Could Have a “Devastating” Impact on Federal Agencies and the 2020 Census

As we head towards 2020, it’s time once again for the decennial U.S. national Census – one of the broadest data collections that the United States federal government undertakes to learn more about its citizens, recalibrate Congressional districts, allocate public funding, and deliver critical public services. But the government’s ability to conduct the upcoming Census is under threat from an … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, International/EU privacy, Policy & Regulation, privacy and security litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019?

2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the … Continue Reading

Posted in Advertising, Data Protection & Privacy, Digital Single Market (EU) Christelle Coslin

Hosting providers of websites are not as such data controllers and only incur limited liability, French Court of Appeal says

In a decision dated March 1st, 2019, the Paris Court of Appeal reminded that specific conditions must be met for hosting providers to be held liable in case of unlawful content. The French court also ruled that hosting providers are not data controllers per se and, as such, are not subject to obligations under the Data Protection Act.

In this … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Ewa KacperekWeronika Wolosiuk

First Fine Imposed by the Polish DPA Under the GDPR

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR).

This is the first fine imposed by the Polish DPA under … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

Privacy and Cybersecurity April 2019 Events

Please join us for our April events.

April 2                             Trust in data, no longer a luxury?
Nicola Fulford and James Denvil will speak at the workshop,” Trust in data, no longer a luxury – Privacy, security, and consumer trust for 21st century,” at the Luxury Law London Summit. They will discuss some of the challenges of succeeding in a data-driven … Continue Reading

Posted in Data Protection & Privacy, Internet, Policy & Regulation

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the … Continue Reading

Posted in Consumer Privacy, Data Protection & Privacy, Policy & Regulation Mark BrennanSarah K. Leggin

Assessing the Evolving U.S. Privacy Landscape and the Road Ahead

New proposals to protect consumer privacy in the U.S. seem to be appearing every day. There are now more than 90 privacy proposals that federal, state, and local regulators and policymakers are considering as privacy continues to dominate the news cycle. Hogan Lovells partners Mark Brennan and Nicola Fulford led a panel of industry stakeholders at the INCOMPAS Policy Summit … Continue Reading

Posted in Data Protection & Privacy, intellectual property, Policy & Regulation, Technology

Consumer Horizons 2019 – IP in the mix

The Consumer industry is evolving at lightning speed, and the way consumer companies operate is shifting. From issues in supply chain to the digitalization of the consumer experience, companies are rapidly changing to keep up with consumer demands. Last year businesses in the consumer industry saw a wave of unprecedented disruption and transformation, and 2019 promises challenges of similar or … Continue Reading

Posted in Data Protection & Privacy, Entertainment & Content, Internet Penny ThorntonLucy AdelmanJamie Pollock

UK House of Lords Select Committee calls for a Digital Authority to regulate the online world

On 9 March 2019, the House of Lords Select Committee on Communications published its report on “Regulating in a digital World”. It included a number of recommendations to the government, including 10 guiding principles for the development of regulation online, a new public interest test for data driven mergers and a new Digital Authority, to oversee regulation of the digital … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, privacy and security litigation Eduardo Ustaran

EDPB Joins the Dots of ePrivacy and GDPR

On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).

The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority States Cookie Walls Violate GDPR

On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website until he or she consents to the placing of tracking cookies or similar technologies.

Under current Dutch cookie law, functional … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Dr. Christian TinnefeldDr. Henrik Hanßen

GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection

Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made … Continue Reading