Posts from February 2019.
Time 3 Minute Read

On February 25, 2019, the European Data Protection Board (the “EDPB”) issued a statement regarding the transfer of personal data from Europe to the U.S. Internal Revenue Service (the “IRS”) for purposes of the U.S. Foreign Account Tax Compliance Act (“FATCA”).

Enacted in 2010, FATCA requires that foreign financial institutions report information about financial accounts and assets held by their U.S. account holders to the IRS. Such institutions are required to register directly with the IRS to comply with FATCA or comply with intergovernmental agreements signed between the foreign country and the U.S. government. FATCA was designed to combat tax evasion by U.S. persons holding accounts and other financial assets offshore.

Time 1 Minute Read

On February 27, 2019, the Federal Trade Commission announced a record $5.7 million civil penalty against popular video creation and sharing app Musical.ly (now known as TikTok) for violations of U.S. children’s privacy rules. According to the FTC’s complaint, Musical.ly is designed to appeal to young children (among others), and the company was aware that a significant percentage of Musical.ly users were children under the age of 13. The FTC also alleged that Musical.ly gained actual knowledge of underage use from parents who unsuccessfully sought to have their children’s ...

Time 3 Minute Read

On February 22, 2019, California state senator Hannah Beth-Jackson introduced a bill (SB-561) that would amend the California Consumer Privacy Act of 2018 (“CCPA”) to expand the Act’s private right of action and remove the 30-day cure period requirement for enforcement actions brought by the State Attorney General. The bill would not change the compliance deadline for the CCPA, which remains January 1, 2020. California Attorney General Xavier Becerra supports the amendment bill, characterizing it as “a critical measure to strengthen and clarify the CCPA.”

Time 3 Minute Read

The Belgian Data Protection Authority (the “Belgian DPA”) recently published the updated list of the types of processing activities which require a data protection impact assessment (“DPIA”). Article 35.4 of the EU General Data Protection Regulation (“GDPR”) obligates supervisory authorities (“SAs”) to establish a list of the processing operations that require a DPIA and transmit it to the European Data Protection Board (the “EDPB”).

Time 2 Minute Read

On February 20, 2019, the French data protection authority (the “CNIL”) published a set of questions and answers (“FAQs”) indicating the CNIL’s recommendations, and steps that organizations should take, to prepare for a no-deal Brexit. The CNIL’s FAQs build upon guidance the European Data Protection Board (“EDPB”) provided in its Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit.

Time 3 Minute Read

On February 12, 2019, the European Data Protection Board (the “EDPB”) released its work program for 2019 and 2020 (the “Work Program”). Following the EDPB’s endorsement of the Article 29 Working Party guidelines and continued guidance relating to new EU General Data Protection Regulation (“GDPR”) concepts, the EDPB plans to shift its focus to more specialized areas and technologies.

Time 3 Minute Read

At its plenary meeting on February 13, 2019, in Brussels, the European Data Protection Board (“EDPB”) adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.

Time 2 Minute Read

On February 12, 2019, the Federal Trade Commission announced the completion of the first regulatory review of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) Rule (the “CAN-SPAM Rule” or “Rule”). By a vote of 5-0, the FTC voted to retain the CAN-SPAM rule with no modifications.

Time 1 Minute Read

On February 27, 2019, the U.S. Senate Committee on Commerce, Science and Transportation will hold a hearing titled “Privacy Principles for a Federal Data Privacy Framework in the United States.” The hearing will focus on potential Congressional action to “address risks to consumers and implement data privacy protections for all Americans.” Committee Chairman Sen. Roger Wicker described the hearing as an opportunity to “help set the stage for meaningful bipartisan legislation.”

Time 2 Minute Read

As we previously reported, the California Consumer Privacy Act of 2018 (“CCPA”) delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first. The California Department of Justice anticipates publishing a Notice of Proposed Regulatory Action concerning the CCPA in Fall 2019.

Time 1 Minute Read

The European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration. The watch is equipped with GPS, a microphone and speaker, and has a companion app that grants parents oversight of the child wearer. According to a February 1, 2019 alert posted on the EU's recall and notification index for nonfood products, flaws in the product could permit malicious users to send commands to any Safe-KID-One watch ...

Time 4 Minute Read

On January 23, 2019, the European Data Protection Board (“EDPB”) released an opinion on the interplay between the European Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”) (the “Opinion”). The Opinion was requested by the European Commission Directorate-General for Health and Food Safety (“DG SANTE”).

Time 1 Minute Read

As reported on the Hunton Retail Law Resource blog, on January 17, 2019, Hunton Andrews Kurth’s retail industry team, composed of more than 200 lawyers across practices, released their annual Retail Industry Year in Review publication.

Time 2 Minute Read

On January 30, 2019, the UK Information Commissioner’s Office (“ICO”) released a discussion paper on the upcoming beta phase of its regulatory sandbox initiative (the “Discussion Paper”). The ICO had launched a call for views on creating a regulatory sandbox in September 2018, and the feedback received facilitated developing systems and processes necessary to launch the beta phase.

Time 1 Minute Read

On January 25, 2019, the European Commission (the “Commission”) issued an infographic on compliance with and enforcement and awareness of the EU General Data Protection Regulation (“GDPR”) since the GDPR took force on May 25, 2018. The infographic revealed that:

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page