Privacy & Information Security Law Blog

On December 17, 2020, the UK Information Commissioner’s Office (“ICO”) published its Data Sharing Code of Practice (the “Code”), in accordance with its obligation to do so under the Data Protection Act 2018 (the “DPA”).

On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens. The orders will assist the FTC in conducting a study of these policies, practices and procedures. The FTC issued the orders pursuant to Section 6(b) of the FTC Act, which allows the agency to undertake broad studies separate from its law enforcement activities.

On December 15, 2020, the Irish Data Protection Commission (“DPC”) announced its fine of €450,000 against Twitter International Company (“Twitter”), following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the EU General Data Protection Regulation (“GDPR”) to date and is also its first against a U.S.-based organization.

On December 10, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on standard contractual clauses (“SCCs”) to be used for the transfer of personal data from a controller or processor subject to the EU General Data Protection Regulation (“GDPR”) (i.e., a data exporter) to a controller or (sub-)processor not subject to the GDPR (i.e., a data importer).

Hunton attorneys Dora Luo and Yanchen Wang recently published a new Guidance Note for OneTrust DataGuidance on China’s data protection laws.

On December 10, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on standard contractual clauses (“SCCs”) between controllers and processors for purposes of Article 28 of the EU General Data Protection Regulation (the “GDPR”). Article 28 of the GDPR sets out specific provisions that must be executed between data controllers and processors when personal data is shared.

Hunton Andrews Kurth is pleased to announce the release of Sweet & Maxwell’s fifth edition of Data Protection Law and Practice, written by Rosemary Jay, Hunton Andrews Kurth’s senior consultant attorney. This edition has been re-written to provide a thorough review of the current state of data protection law in the UK, along with details of relevant background context.

On December 10, 2020, the French Data Protection Authority (the “CNIL”) announced that it has levied fines of €60 million on Google LLC and €40 million on Google Ireland Limited under the French cookie rules for their alleged failure to (1) obtain the consent of users of the French version of Google's search engine (google.fr) before setting advertising cookies on their devices; (2) provide users with adequate information about the use of cookies; and (3) implement a fully effective opt-out mechanism to enable users to refuse cookies. On the same date, the CNIL announced that it has levied a fine of €35 million on Amazon Europe Core under the same rules for its alleged failure to (1) obtain the consent of users of the amazon.fr site before setting advertising cookies on their devices; and (2) provide adequate information about the use of cookies.

On December 10, 2020, the California Attorney General (“AG”) issued a fourth set of proposed modifications to the regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”). This set of modifications builds upon the third draft set previously issued on October 12, 2020, which had not been finalized. Specifically, the modifications would revise portions of the regulations relating to the notice of right to opt-out.

According to the AG’s website, the fourth set of modified draft regulations are subject to another public comment period. The ...

On December 2, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport’s (“DCMS”) UK National Data Strategy  (“NDS”) consultation.