Archives: Global

Subscribe to Global RSS Feed

Time to Update Your Privacy Statement for GDPR

Although the EU General Data Protection Regulation comes into force in May 2018, European regulators are still producing guidance and member states are still adopting legislation to accommodate national differences. Put simply, it is unclear how to prepare for the GDPR in relation to some issues. For other issues, however, companies can confidently ac… Continue Reading

China Prohibits Unverified Internet Users to Post Online Comments

On August 25, 2017, the Cyberspace Administration of China (“CAC”) issued the Administrative Provisions for Services concerning Internet Comment Posting (the “Internet Comment Posting Provisions”) and the Administrative Provisions for Services concerning Internet Forums and Communities (the “Internet Forum and Community Services P… Continue Reading

Draft Cybersecurity Legislation Would Impose Substantial New Obligations on Vendors Selling Interconnected Devices to the U.S. Government

On Tuesday, August 1, 2017, a bipartisan group of four Senators from the Senate Cybersecurity Caucus introduced legislation designed to improve the cybersecurity of devices purchased by the U.S. government and – albeit indirectly – sold anywhere in the U.S. or the world.

The legislation – the “Internet of Things (IoT) Cybersecurity Improvemen… Continue Reading

How to Use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

How to use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick. Yet the focus on exorbitant fines seems a bi… Continue Reading

The Chinese Government Issues Draft Cybersecurity Regulations to Protect Critical Information Infrastructure

On June 10, 2017, the Cyberspace Administration of China (the “CAC”) released the Draft Regulations on the Security Protection of Critical Information Infrastructure (the “Draft Regulations” 《关键信息基础设施安全保护条例(征求意见稿)》). The CAC is seeking public comments with a deadline of August 10, 201… Continue Reading

Data-Driven Marketing and the GDPR: the Data Brokers’ Conundrum

The digital marketing industry is powered by information about individuals (“personal data”) that pulses through a supply web. As this FTC infographic shows, some industries such as retail, energy, financial services, and health care, have direct relationships with those individuals. Other industries, such as data marketing, generally are at l… Continue Reading

Private Right of Action Under Canadian Anti-Spam Legislation Suspended Indefinitely

On June 7, 2017, the Canadian government announced that it is suspending indefinitely the private right of action provided for by Canada’s Anti-Spam Legislation (“CASL”), which sets forth the country’s regime of disclosures, consent, and unsubscribe requirements for commercial electronic messages and installation of computer programs, w… Continue Reading

GDPR matchup: The Health Insurance Portability and Accountability Act

This article first published in the IAPP’s Privacy Tracker blog.

In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your effo… Continue Reading

China’s Cybersecurity Regulators Issue Procedural Rules to Strengthen Enforcement Power

For the past several years, the Cyberspace Administration of China (the “CAC”) has risen to a very important status among the Chinese national government’s agencies. However, it lacks a specific procedural law to empower it with specific enforcement actions. Against this background, the CAC issued the Provisions on Administrative Law Enforcem… Continue Reading

What Does China’s New Cyberspace Sovereignty Mean, and is Your Company Ready?

On Nov. 7, 2016, the official and finalized version of the Cyberspace Security Law (the “CSL”) was approved by the Standing Committee of the National People’s Congress and signed off by Chinese President Xi Jinping. Under the CSL, the Chinese government has, for the first time, claimed sovereignty over cyberspace, asserting all the attendant righ… Continue Reading

Is Your Business Ready to Wield the Privacy Shield?

Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare?

Companies in the United States may be excited that the EU-U.S. Privacy Shield – the new trans-Atlantic data transfer compact approved by th… Continue Reading

Breaking: EU Officially Approves Privacy Shield

U.S. companies will be able to import data from the EU under the streamlined data transfer regime starting August 1

Personal data transfers from the European Union are about to get easier for U.S. companies.

On July 12, 2016, the European Commission announced that it officially approved the EU-U.S. Privacy Shield, paving the way for the new trans-Atlantic … Continue Reading

EU Data Supervisor: Privacy Shield Needs “Robust Improvements”

The push for the European Union and the United States to reopen negotiations over the EU-U.S. Privacy Shield may have just become a shove, due to a recent opinion released by the European Data Protection Supervisor (EDPS) assessing the data protections offered and recommending a series of substantial changes to the new data transfer framework.

On May 30, t… Continue Reading

EU Parliament: EU, U.S. Must Improve Privacy Shield

On May 26, 2016, the European Parliament passed a resolution (2016/2727 (RSP)) calling on the European Commission (EC) to reopen negotiations with the United States to improve perceived “deficiencies” in the EU-U.S. Privacy Shield, the successor trans-Atlantic data transfer arrangement drafted by the U.S. and the EU after the Court of Justice of t… Continue Reading

EU Publishes Final Text of GDPR

Enforcement of Europe’s new data protection regime will begin May 25, 2018

On May 4, 2016, the final version of the European Union’s General Data Protection Regulation (“GDPR”) was published in the Official Journal of the EU. The GDPR, which will replace the EU’s current Data Protection Directive, will enter into force on May 25, 2016; however, … Continue Reading

Top Takeaways from IAPP

The world of privacy grows every day as more data goes through the cloud. The new trends and weekly data breaches make conferences like the Global Privacy Summit all the more relevant.

Earlier this month we went to IAPP’s annual event and networked with many professionals in the privacy sphere. Here were some of our key takeaways:

1. Connect with your FBI Continue Reading

Advisory Alert: Negotiators Announce “EU-U.S. Privacy Shield,” Replacing Safe Harbor for EU Data Transfers to the U.S.

The European Commission announced on February 2 that the European Union and the United States had resolved months of negotiations and approved the new EU-U.S. Privacy Shield, a replacement for the U.S.-EU Safe Harbor Framework, which thousands of American companies relied upon to receive personal data from European customers and suppliers but which … Continue Reading

Has Your Website’s EU Safe Harbor Expired?

FTC proposes twenty-year compliance program for two companies that have settled charges that they misrepresented that they are currently compliant with the US-EU Safe Harbor Framework.

Does your company rely on the US-EU Safe Harbor Framework in order to transfer personal consumer data about EU residents outside of Europe?  If so, you probably have a s… Continue Reading

Canada Issues First Penalties Under Anti-Spam Law

CRTC imposes over US$900,000 in fines against two companies, reminding U.S.- and foreign-based businesses about possible liability under Canada’s Anti-Spam Law

This month marks the issuance of the first two enforcement actions under Canada’s Anti-Spam Law (CASL) since provisions governing commercial electronic messages (CEMs), software dow… Continue Reading

LexBlog