Category Archives: Privacy and Security Litigation

Posted on November 26th, 2019 By Eduardo Ustaran Posted in Policy & Regulation, Privacy and Security Litigation

Hogan Lovells calls for an alternative approach to regulating privacy in the digital economy

LONDON, 25 November 2019 – Hogan Lovells has published a study evaluating the ongoing legislative proposal for a new ePrivacy Regulation, a law aimed at updating the current ePrivacy framework in the EU. After nearly three years of debates and negotiations, the European Union is nowhere near agreeing a position on how to achieve the right balance between the need for technological innovation, public security and the protection of privacy in the context of the digital economy. According to Hogan Lovells, this is due to the structure and legislative approach of the

Posted on November 4th, 2019 By Hogan Lovells Tech and Telecoms Posted in Cybersecurity, Data Protection & Privacy, Privacy and Security Litigation

Privacy and Cybersecurity November 2019 Events

Please join us for our November 2019 events. November 5 Your Body as Data Mark Brennan will speak on the panel, “Your Body as Data: Facial Recognition, Biometrics, and the Future of Privacy,” at the Columbus School of Law at The Catholic University of America. Location: Washington, D.C. November 5 2019 Data Protection Leadership Forum Eduardo Ustaran will speak during the session, “International Issues,” and will participate in a Q&A Session at the 2019 Data Protection Leadership Forum hosted by Arthur Cox. Location: Dublin November 20 IAPP Europe Data Protection Congress Eduardo

Posted on July 19th, 2019 By Paul Otto, Allison Holt-Ryan and Nathan Salminen Posted in Cybersecurity, Internet, Privacy and Security Litigation

IoT Webinar Series: Cyberthreats in the Internet of Things

On July 16, 2019, Nathan Salminen, Allison Holt, and Paul Otto from the Hogan Lovells Privacy and Cybersecurity and Litigation teams presented a webinar, “Cyberthreats in the Internet of Things” where they explored some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective. Many of the nearly 20 billion Internet of Things (IoT) devices deployed worldwide perform critical functions or have access to networks that process highly sensitive information. The proliferation of connected

Posted on July 19th, 2019 By Mark Brennan, Adam Cooke, Alicia Paller and Joseph J. Cavanaugh Posted in Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Telecoms & Broadband

Ill-Suited: Private Rights of Action and Privacy Claims

“For years, the plaintiffs’ bar has conjured multibillion-dollar class action lawsuits out of largely intangible privacy harms. This wave of litigation is increasingly driven by federal and state statutes that include private rights of action and allow for excessive statutory damages. Given the willingness of some courts to let cases proceed despite a lack of allegations or evidence of concrete harm, this litigation trend shows no sign of abating.” The U.S. Chamber of Commerce Institute for Legal Reform has published “Ill-Suited: Private Rights of Action and Privacy Claims,” a white

Posted on April 8th, 2019 By Hogan Lovells Tech and Telecoms Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019? 2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the promulgation of an important GDPR-inspired national standard in China and the tabling of a draft data protection law in India that shares the same lineage. Rising public awareness of data

Posted on April 2nd, 2019 By Hogan Lovells Tech and Telecoms Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Technology

Privacy and Cybersecurity April 2019 Events

Please join us for our April events. April 2 Trust in data, no longer a luxury? Nicola Fulford and James Denvil will speak at the workshop,” Trust in data, no longer a luxury – Privacy, security, and consumer trust for 21st century,” at the Luxury Law London Summit. They will discuss some of the challenges of succeeding in a data-driven market that is undergoing global regulatory upheavals. Location: London April 4 Global TEC Forum Mark Brennan will speak on the panel, “California Breaks New Privacy Ground (Again): The California Consumer Privacy

Posted on March 26th, 2019 By Eduardo Ustaran Posted in Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

EDPB Joins the Dots of ePrivacy and GDPR

On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the competence, tasks, and powers of data protection authorities (“DPAs”). The EDPB adopted its Opinion in response to this request and in order to promote the consistent interpretation of the boundaries of

Posted on March 22nd, 2019 By Joke Bodewits Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act). The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 million or 2% of global revenue and the higher of €20 million or 4% of global revenue. At both levels, the GDPR sets maximums for administrative fines and calls on

Posted on March 13th, 2019 By Joke Bodewits Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Dutch Data Protection Authority States Cookie Walls Violate GDPR

On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website until he or she consents to the placing of tracking cookies or similar technologies. Under current Dutch cookie law, functional and analytical cookies can be used without consent. Tracking cookies like those used for advertising may only be used if a visitor has given consent. According to the Dutch DPA, the

Posted on March 13th, 2019 By Valerie Kenyon Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by Design report published by the Government in March 2018 and after consultation with industry, consumer associations, and academics. The UK Code is voluntary but the UK Government was keen to work

Posted on February 25th, 2019 By Dr. Christian Tinnefeld and Dr. Henrik Hanssen Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection

Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made public. In Germany, DPAs are investigating a broad range of non-compliance issues and showing a tendency toward increasing their enforcement activities, to the point that we expect an announcement of