Select Page

Author: Hogan Lovells International LLP

UK to Align Itself with the GDPR Despite Brexit

“A new law will ensure that the United Kingdom retains its world-class regime protecting personal data”.  This is today’s strong statement by Her Majesty The Queen reflecting the level of priority given by the UK government to privacy and data protection.  Aside from the political controversies surrounding the recent general Election and the prospect of Brexit, the Queen has confirmed that during this Parliament the government intends to pass a new Data Protection Act replacing the existing one. The stated aim of the new law is to make the UK’s data protection framework suitable for the digital age, allowing...

Read More

Malware Capable of Shutting Down Electric Grids Confirmed

Malware was recently identified that appears to have been designed and deployed by a nation-state to target and shut down electric grids. According to published reports, this malware currently appears to be capable of attacking the European grids, and parts of the Middle East and Asia grids, by targeting the specific industrial control system (ICS) network protocols used to operate those grids. With small modifications, the malware reportedly also appears to be capable of attacking the North American power grid, as well as other industries that use ICS networks (e.g., oil, gas, water, data) around the globe. The malware,...

Read More

Court Stops Pokémon GO Litigation

In May, a Florida state court dismissed a plaintiff’s claim that the terms of service for popular mobile game Pokémon GO violated Florida’s Deceptive and Unfair Trade Practices Act (FDUTPA).  The case illustrates how establishing injury continues to be a key hurdle for plaintiffs in litigation involving online services, and shows that a well-framed choice of law provision can help protect providers of online services. The plaintiff sought injunctive and declaratory relief against Niantic, Inc., the game’s developer, on grounds that the terms of service allegedly created an illusory contract, permitting Niantic to unilaterally and materially change the terms at...

Read More

Federal Financial Institutions Examination Council Releases Updated Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Cybersecurity Assessment Tool (CAT), which, according to FFIEC, is designed to help the financial institutions voluntarily using the tool to “identify their cyber risks and determine their cybersecurity preparedness.” We explore the changes to the CAT in this post. The CAT was developed by FFIEC members to provide a “repeatable and measurable process for financial institutions to measure their cybersecurity preparedness.” Although use of the CAT is voluntary and organizations may select other frameworks or methods for identifying inherent risk and assessing cybersecurity posture, the...

Read More

EU ePrivacy Regulation Proposal Falls Short of Parliament’s Expectations

The European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs commissioned a study to assess the European Commission’s draft e-Privacy Regulation, which was published in January 2017.  The e-Privacy Regulation aims to harmonise privacy rules across the EU in the area of electronic communications, but the study has found that the draft e-Privacy Regulation does not as far as the GDPR in some respects. This contrasts with many other views expressed publicly, which regarded the Commission’s draft as a tightening of the GDPR regime.  A central theme of the study, which was carried out by academics of the...

Read More

GAO Report Highlights Security, Privacy, and Governance Challenges of the Internet of Things

Earlier this month, the Government Accountability Office (GAO) released a technology assessment of the Internet of Things (IoT) for Congressional members of the IoT Caucus. The GAO report offers an introduction to IoT; reviews the many uses and their associated benefits that connected devices may bring to consumers, industry, and the public sector; and highlights the potential implications of the use of IoT, including information security challenges, privacy challenges, and government oversight. The report also identifies areas of apparent consensus among experts regarding the challenges posed by IoT, though the appropriate responses are disputed. Accordingly, the report may act...

Read More

Privacy and Cybersecurity June 2017 Events

Please join us for our June 2017 Privacy and Cybersecurity Events. June 7 FTC and State Consumer Protection Enforcement Bret Cohen will present a webinar on “Consumer protection enforcement is #trending: How to avoid FTC and state investigations, and what to do when you get the knock on the door.” Recent developments and enforcement trends in data privacy and security, advertising and endorsements, and claim substantiation in practice before the FTC and state authorities will be discussed. Location: To register, click here.   June 7 Cyber Breach Response for In-House Counsel Harriet Pearson, Tom Connally, and Jon Talotta will...

Read More

FCC Privacy Rules Break New Ground

The Federal Communication Commission’s (FCC) long-awaited – and much debated – privacy rules for Internet Service Providers (ISPs) have now been adopted.  The agency approved the rules by a 3-2 vote along political party lines last Thursday. Several of the FCC requirements are particularly notable for being more restrictive than the Federal Trade Commission’s (FTC) standards for consumer online privacy.  In this post we provide an overview of some of the new FCC rules and highlight key areas where the FCC’s requirements diverge from the FTC’s framework. Requirements for ISPs Although the full text of the FCC’s decision has not yet been released, an agency fact sheet provides details on some of the key requirements: Transparency.  The rules require that ISPs, whether they offer mobile broadband or fixed broadband services, to: (1) notify customers about what types of information the ISP collects about customers; (2) specify how and for what purposes the ISP uses and shares this information; and (3) identify the types of entities with which the ISP shares this information. Consumer Choice.  ISPs must obtain opt-in consent to use and share “sensitive information” such as precise geolocation information, web browsing history, app usage history, the content of communications, and health information.  ISPs must also provide consumers an ability to opt out of the use and sharing of non-sensitive information.  Certain exceptions to these consent standards are provided,...

Read More
  • 1
  • 2