Time 2 Minute Read

On December 22, 2020, New York Governor Andrew Cuomo signed into law legislation that temporarily bans the use or purchase of facial recognition and other biometric identifying technology in public and private schools until at least July 1, 2022. The legislation also directs the New York Commissioner of Education (the “Commissioner”) to conduct a study on whether this technology is appropriate for use in schools.

Time 4 Minute Read

On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement (the “Trade Agreement”). For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.

Time 2 Minute Read

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.

Time 3 Minute Read

On December 18, 2020, federal financial regulatory agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (collectively, the “Agencies”) announced a proposed rule (the “Proposed Rule”) that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer-security incident that materially disrupts, degrades or impairs the services they provide.

Time 3 Minute Read

On December 21, 2020, the European Data Protection Board (the “EDPB”) released its 2021-2023 Strategy (the “Strategy”). The Strategy aims at setting out the four main pillars of the EDPB strategic objectives through 2023 and key actions to help achieve those objectives:

Time 2 Minute Read

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows. The hearing explored the policy issues that led to the Court of Justice of the European Union’s (“CJEU”) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

Time 3 Minute Read

On December 17, 2020, the UK Information Commissioner’s Office (“ICO”) published its Data Sharing Code of Practice (the “Code”), in accordance with its obligation to do so under the Data Protection Act 2018 (the “DPA”).

Time 2 Minute Read

On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens. The orders will assist the FTC in conducting a study of these policies, practices and procedures. The FTC issued the orders pursuant to Section 6(b) of the FTC Act, which allows the agency to undertake broad studies separate from its law enforcement activities.

Time 6 Minute Read

On December 15, 2020, the Irish Data Protection Commission (“DPC”) announced its fine of €450,000 against Twitter International Company (“Twitter”), following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the EU General Data Protection Regulation (“GDPR”) to date and is also its first against a U.S.-based organization.

Time 2 Minute Read

On December 10, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on standard contractual clauses (“SCCs”) to be used for the transfer of personal data from a controller or processor subject to the EU General Data Protection Regulation (“GDPR”) (i.e., a data exporter) to a controller or (sub-)processor not subject to the GDPR (i.e., a data importer).

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page