Archives: Privacy & Data Security

Subscribe to Privacy & Data Security RSS Feed

Final Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021

By Benjamin Haley, Dan Cooper, Deon Govender, Ahmed Mokdad, Shivani Naidoo and Kgabo Mashalane on Posted in Cross-Border Data Transfers, Data Privacy, Internet of Things (IoT), Privacy & Data Security
In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) takes full … Continue Reading

IoT Update: The Road Ahead for Connected and Automated Vehicle Developments in Washington

By Jennifer Johnson, Rebecca Yergin and Nira Pandya on Posted in Autonomous Vehicles, Emerging Technologies, FCC, Innovation, Internet of Things (IoT), Political, Privacy & Data Security, Spectrum & Mobile
Connected and automated vehicle (“CAV”) developments in Washington are likely to pick up speed as 2021 rolls in. Indeed, a new presidential administration, new agency leadership, and a new Congress may drive new CAV regulation while also spurring innovation in an industry that many believe can enhance road safety, mobility, and accessibility. For instance, John Porcari, … Continue Reading

EDPB adopts recommendations on international data transfers following Schrems II decision

By Dan Cooper, Lisa Peets, Marty Hansen and Sam Jungyun Choi on Posted in Cross-Border Data Transfers, European Data Protection Board, General Data Protection Regulation, Privacy & Data Security
On 11 November 2020, the European Data Protection Board (“EDPB”) issued two draft recommendations relating to the rules on how organizations may lawfully transfer personal data from the EU to countries outside the EU (“third countries”).  These draft recommendations, which are non-final and open for public consultation until 30 November 2020, follow the EU Court … Continue Reading

FCC Announces Section 230 Rulemaking

By Matthew DelNero, Yaron Dori and Corey Walker on Posted in Emerging Technologies, FCC, Privacy & Data Security, Social Media, Telecommunications
FCC Chairman Pai announced today that the FCC will move forward with a rulemaking to clarify the meaning of Section 230 of the Communications Decency Act (CDA).  To date, Section 230 generally has been interpreted to mean that social media companies, ISPs, and other “online intermediaries” have not been subject to liability for their users’ … Continue Reading

FCC Reevaluating Certain TCPA Compliance Exemptions

By Rafael Reyneri on Posted in FCC, Privacy & Data Security, Robocalls, TCPA
Last week, the Federal Communications Commission (FCC) issued a notice of proposed rulemaking (NPRM) seeking comment on a proposal to review and potentially revise a number of existing exemptions that the FCC has adopted with respect to certain Telephone Consumer Protection Act (TCPA) requirements.  The FCC’s review could end up narrowing or eliminating some of these longstanding … Continue Reading

AI Update: EU High-Level Working Group Publishes Self Assessment for Trustworthy AI

By Alexandra Scott, Sam Jungyun Choi, Marty Hansen, Anna Oberschelp de Meneses, Lisa Peets, Lee Tiedrich, Lindsey Tonsager and Kristof Van Quathem on Posted in Artificial Intelligence (AI), Data, European Union, Privacy & Data Security
On July 17, 2020, the High-Level Expert Group on Artificial Intelligence set up by the European Commission (“AI HLEG”) published The Assessment List for Trustworthy Artificial Intelligence (“Assessment List”). The purpose of the Assessment List is to help companies identify the risks of AI systems they develop, deploy or procure, and implement appropriate measures to mitigate those … Continue Reading

U.S. AI, IoT, and CAV Legislative Update – Second Quarter 2020

By U.S. AI and IoT Legislative Tracking Team on Posted in Artificial Intelligence (AI), Autonomous Vehicles, COVID-19, Internet of Things (IoT), Privacy & Data Security
In this update, we detail the key legislative updates in the second quarter of 2020 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), cybersecurity as it relates to AI and IoT, and connected and automated vehicles (“CAVs”). The volume of legislation on these topics has slowed but not ceased, as lawmakers increasingly focus … Continue Reading

Lawful Access to Encrypted Data Act Introduced

By Trisha Anderson, Alexander Berengaut, Jim Garland and Chloe Goodwin on Posted in Big Data, Cybersecurity, Data, Internet of Things (IoT), Privacy & Data Security
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data.  The bill would apply to law enforcement efforts to obtain data at rest as well as data … Continue Reading

French CNIL Publishes Paper on Algorithmic Discrimination

By Anna Oberschelp de Meneses and Kristof Van Quathem on Posted in Artificial Intelligence (AI), European Union, Privacy & Data Security
On June 2, 2020, the French Supervisory Authority (“CNIL”) published a paper on algorithmic discrimination prepared by the French independent administrative authority known as “Défenseur des droits”.  The paper is divided into two parts: the first part discusses how algorithms can lead to discriminatory outcomes, and the second part includes recommendations on how to identify … Continue Reading

IoT Update: COVID-19 Drives Forward Connected and Automated Vehicle Legislative and Regulatory Efforts

By Jennifer Johnson, Rebecca Yergin and Nira Pandya on Posted in Artificial Intelligence (AI), Autonomous Vehicles, COVID-19, Privacy & Data Security
The COVID-19 pandemic has created both speed bumps and accelerants for connected and automated vehicle (“CAV”) developments in the United States.  In our Quarterly Update earlier this month, we covered recent legislative and regulatory activity around CAVs, both specifically targeted efforts and those impacting AI and IoT technologies generally.  Although some CAV legislative efforts have … Continue Reading

IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

By Hannah Lepow and Jayne Ponder on Posted in Cybersecurity, Data, Internet of Things (IoT), Privacy & Data Security
On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these … Continue Reading

Centre for Data Ethics and Innovation publishes final report on “online targeting”

By Dan Cooper, Paul Maynard and Jonathan Benjamin on Posted in Centre for Data Ethics and Innovation, Data, Emerging Technologies, Ethics, Online Targeting, Privacy & Data Security, United Kingdom
On February 4, 2020, the United Kingdom’s Centre for Data Ethics and Innovation (“DEI”) published its final report on “online targeting” (the “Report”), examining practices used to monitor a person’s online behaviour and subsequently customize their experience. In October 2018, the UK government appointed the DEI, an expert committee that advises the UK government on … Continue Reading

U.S. AI and IoT Quarterly Legislative Update: Fourth Quarter 2019

By U.S. AI and IoT Legislative Tracking Team on Posted in Artificial Intelligence (AI), Autonomous Vehicles, Congress, Cybersecurity, Emerging Technologies, Internet of Things (IoT), Privacy & Data Security, Spectrum & Mobile
U.S. federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the fourth quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our fourth AI … Continue Reading

IoT Update: DOT Introduces Fourth Round of Automated Vehicles Guidance (AV 4.0)

By Jake Levine and Rebecca Yergin on Posted in Autonomous Vehicles, Innovation, Internet of Things (IoT), Privacy & Data Security, Spectrum & Mobile
This month, situated among foldable tablet computers and flying taxis, the U.S. Secretary of Transportation, Elaine Chao, unveiled at the Consumer Electronics Show (“CES”) the U.S. Department of Transportation’s (“DOT”) long-anticipated fourth round of automated vehicles guidance, “AV 4.0.”  Formally entitled, “Ensuring American Leadership in Automated Vehicle Technologies,” AV 4.0 is less regulatory guidance and more … Continue Reading

New E-Privacy Proposal on the Horizon?

By Lisa Peets, Paul Maynard and Sam Jungyun Choi on Posted in Data, European Union, Privacy & Data Security
On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November … Continue Reading

AI/IoT Update: UK’s Information Commissioner issues opinion on use of live facial recognition technology by police forces

By Sam Jungyun Choi on Posted in Emerging Technologies, Privacy & Data Security, United Kingdom
On October 31, 2019, Elizabeth Denham, the UK’s Information Commissioner issued an Opinion and an accompanying blog urging police forces to slow down adoption of live facial recognition technology and take steps to justify its use.  The Commissioner calls on the UK government to introduce a statutory binding code of practice on the use of … Continue Reading

IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices

By Micaela McMurrough on Posted in Internet of Things (IoT), Privacy & Data Security
Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.… Continue Reading

AI and IoT Legislative Developments: Third Quarter 2019

By U.S. AI and IoT Legislative Tracking Team on Posted in Artificial Intelligence (AI), Autonomous Vehicles, Congress, Cybersecurity, Internet of Things (IoT), Privacy & Data Security
Federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the third quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our third AI & … Continue Reading

European Parliament Publishes Study on Blockchain and the GDPR

By Dan Cooper and Gemma Nash on Posted in European Union, General Data Protection Regulation, Privacy & Data Security
On July 24, 2019, the European Parliament published a study entitled “Blockchain and the General Data Protection Regulation: Can distributed ledgers be squared with European data protection law?”  The study explores the tension between blockchain technology and compliance with the General Data Protection Regulation (the “GDPR”), the EU’s data protection law.  The study also explores how blockchain … Continue Reading

CJEU rules that Facebook and website operators are joint controllers if the website embeds Facebook’s “Like” button

By Dan Cooper, Sam Jungyun Choi and Anna Oberschelp de Meneses on Posted in Data, European Union, General Data Protection Regulation, Privacy & Data Security, Social Media
On July 29, 2019, the Court of Justice of the European Union (“CJEU”) handed down its judgment in the Fashion ID case (Case C-40/17).   The CJEU found that when a website operator embeds Facebook’s “Like” button on its website, Facebook and the website operator become joint controllers. The case clarifies the relationship between website operators … Continue Reading

ICO Launches Public Consultation on New Data Sharing Code of Practice

By Dan Cooper, Sam Jungyun Choi and Nicholas Shepherd on Posted in Data, General Data Protection Regulation, Privacy & Data Security, United Kingdom
On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.  The draft Code focuses on the sharing of personal data between controllers, with a section referring … Continue Reading

AI and IoT Legislative Update: Second Quarter 2019

By U.S. AI and IoT Legislative Tracking Team on Posted in Artificial Intelligence (AI), Autonomous Vehicles, Internet of Things (IoT), Privacy & Data Security
Federal and state policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the second quarter of 2019, including by introducing both substantive measures that would regulate the use of the technology and by supporting funding bills aimed at increasing investment. In our second AI & IoT Quarterly Legislative Update, … Continue Reading

AI and IoT Legislative Developments: First Quarter 2019

By U.S. AI and IoT Legislative Tracking Team on Posted in Artificial Intelligence (AI), Autonomous Vehicles, Internet of Things (IoT), Privacy & Data Security
Federal and state policymakers introduced a range of new measures on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the first quarter of 2019. In our initial AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, … Continue Reading

IoT Update: EU Commission Issues Recommendation on Cybersecurity in the Energy Sector

By Mark Young on Posted in Data, Emerging Technologies, Internet of Things (IoT), Privacy & Data Security
The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”). The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here). It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics … Continue Reading
LexBlog