On 18th December we hosted the final instalment in our Internet of Things Webinar series for 2018 (more to come in 2019!). Michele Farquhar, Tim Tobin, Mark Parsons, and Valerie Kenyon provided a round-up of the hot topics from 2018, including key regulatory and legal developments in the U.S., Europe, and Asia, in areas such as connected vehicles, drones, smart … Continue Reading
Class actions have become an increasingly common means to seek redress in data privacy cases. With data breaches and data privacy claims on the rise, we asked our lawyers in France and the U.S. what you should bear in mind.
How real is the risk of class actions in data privacy?
Michelle Kisloff, U.S.: Class actions have long been … Continue Reading
On December 4, 2018, the New York Attorney General (NYAG) announced that Oath Inc., which was known until June 2017 as AOL Inc. (AOL), has agreed to pay a $4.95 million civil penalty to settle allegations that AOL’s ad exchange practices violated the Children’s Online Privacy Protection Act (COPPA). The $4.95 million penalty is the largest ever assessed by any … Continue Reading
An ever increasing variety of companies are incorporating machine learning into their products and services. Machine learning provides the ability to quickly and accurately perform, in parellel, a large number of well-defined tasks. The accuracy will improveover time as additional data is obtaied and the machine learning model continues to “learn”. Many companies, however, are struggling with the best way … Continue Reading
This is the seventh installment in Hogan Lovells’ series on the California Consumer Privacy Act.
The application of the California Consumer Protection Act of 2018 (“CCPA”) to employee data has been the subject of much debate since the first version of the bill was introduced on June 21, 2018 (just days prior to its enactment on June 28). Under a … Continue Reading
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, … Continue Reading
On October 2, 2018, Hogan Lovells hosted the most recent instalment in its Internet of Things Webinar (IoT) Series. Two of our experienced litigation partners, Christine Gateau in Paris and Michelle Kisloff in Washington DC, discussed current regulatory actions and cutting-edge IoT litigation debates in the U.S. and Europe, as well as litigation risks to keep in mind when designing … Continue Reading
This is the sixth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences companies. Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical … Continue Reading
This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). At first glance, it is clear that the drafters of the … Continue Reading
This is the fourth installment in Hogan Lovells’ series on the California Consumer Privacy Act
This post discusses litigation exposure that businesses collecting personal information about California consumers should consider in the wake of the California Legislature’s passage of the California Consumer Privacy Act of 2018 (CCPA).
For several years, the plaintiffs’ bar increasingly has relied on statutes like the … Continue Reading
In stark contrast to the rapid development of e-commerce in China, it has taken nearly five years and no less than four drafts for China to finalise its first e-Commerce Law. The new law will enter into force on 1 January 2019.
This new law has a remarkably broad scope, encompassing many aspects of e-commerce, including, for example, e-payments, … Continue Reading
This is the third installment in Hogan Lovells’ series on the California Consumer Privacy Act.
What personal information do you have about California consumers and households?
The California Consumer Privacy Act of 2018 (“CCPA”) provides a series of new compliance obligations and operational challenges for companies doing business in California. A vital first step for any company subject to the … Continue Reading
This is the second installment in Hogan Lovells’ series on the California Consumer Privacy Act.
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. Legislative history can speak volumes about those word choices, and the unique legislative history of the California Consumer … Continue Reading
We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, 2018. Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world’s fifth-largest economy.
We will explore the ramifications for businesses of this seminal legislation … Continue Reading
On 4 September, the Legislative Decree no. 101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. The approach of the legislator was to maintain the structure of former Legislative Decree 196/2003 (the “Privacy Code”) which, however, has been extensively amended and … Continue Reading
We are pleased to invite you to the next webinar in our Internet of Things (IoT) series. As IoT technology and devices continue their rapid advancement, they will have a very real role in litigation. In this 60-minute webinar, we’ll help you prepare for the expected and the unexpected, focusing on risk assessment, rising issues, and key challenges, so you … Continue Reading
Please join us for our September 2018 Privacy and Cybersecurity Events.
In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.… Continue Reading
India’s Committee of Experts, under the chairmanship of Justice B.N. Srikrishna (the Srikrishna Committee), has submitted a draft Data Protection Bill (the Bill) for review by the Ministry of Electronics and Information Technology. The Srikrishna Committee tabled the Bill alongside a report entitled “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians” (the committee report).
India Charts its … Continue Reading
Over the past few years, there has been a surge in class actions challenging companies’ privacy and data security practices. But, while the number of class actions continues to grow, the suits face several significant challenges, have afforded limited relief to individual consumers, and have provided no coherent privacy standards in the US By comparison, the primary government regulator, the … Continue Reading
More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2.
Both the French Council of State in its annual report for 2014 as well as the National Digital Council (hereinafter, “CNNum”) in its “Digital Ambition” report voiced support for the creation of an action enabling consumers to collectively seek redress for violations of regulations protecting personal data.
However, their recommendations are different regarding the goal of this action.
After some … Continue Reading
Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU.
In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that … Continue Reading
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.
To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide.
The infrastructure phase
Here, the guide covers:
- Identify the entity that is