The Washington Privacy Act (WPA) gained significant traction in the legislature in 2019, passing the state Senate almost unanimously, but ultimately failing in the state House of Representatives due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on 31 July 2021.
In recent months, the Personal Information Protection Commission (PPC) has been proactive in publicising cases of data breaches that have had a significant social impact, together with the names of the companies, even when the PPC did not exercise its supervisory authority over the companies in question. Whether this trend will continue should be carefully monitored.
The Cyberspace Administration of China recently published the Administration Measures for Releasing Cybersecurity Threat Information (Draft for Comments) to solicit public opinions. According to the draft measures, the publication of cybersecurity threat information must be reported to regulators in a number of specific circumstances.
Cybersecurity is being taken increasingly seriously in Switzerland – both by the federal government and medium and large businesses. With the Federal Data Protection Act set to be revised in 2020 and additional measures in this space expected, companies are likely to continue investing significant resources into combating cyber risks in 2020 and beyond. This video discusses some of the key issues that have been affecting the Swiss cybersecurity space in 2019 and what to expect in 2020.
The Information Commissioner's Office recently published its draft Code of Practice on Direct Marketing. Covering traditional e-marketing but also newer tools increasingly relevant to marketers such as social media and adtech, the code is essential reading for those engaging in direct marketing activities in the United Kingdom. It includes important clarifications and updates to previous guidance, particularly in relation to in-app marketing messages, refer-a-friend schemes and marketing via social network platforms.
The Chinese government has been cracking down on the unreasonable collection of personal data, introducing a number of new guidelines to ensure compliance in this regard. On the horizon in 2020 is the potential finalisation of the cross-border transfer rules, which – in their current form – impose stringent requirements on affected companies. This video looks at China's recent approach to cybersecurity and what companies should do to ensure compliance.
On 1 January 2020 the Swiss Financial Market Supervisory Authority implemented various revised rules primarily targeting small banks (the so-called 'small banks regime'). Among other aspects, this will result in a relaxation of IT outsourcing requirements for financial institutions. The amendments are positive and a step in the right direction, as they will allow financial institutions to enjoy more leeway to benefit from IT outsourcing services.
A shift in Guernsey's corporate and individual attitude towards the misuse of data is now central to the Office of the Data Protection Authority's (ODPA's) future approach to governance and enforcement in Guernsey. This article rounds up the key issues which the ODPA has communicated and which will dictate its approach, including changes in workplace culture and the delayed introduction of the self-funded charging system.
The Ministry of Education recently published the Administrative Measures for the Filing of Educational Apps. The administrative measures require providers of educational apps and institutional users of educational apps to go through filing procedures and indicate that the ministry is tightening controls on educational apps in China.
The European Data Protection Board (EDPB) recently adopted its final guidelines on the territorial scope of the EU General Data Protection Regulation (GDPR). In principle, the EDPB's guidelines are not binding for companies. Nevertheless, they play an important role in the interpretation of the GDPR by the courts and data protection authorities.
The Administrative Provisions on Online Audiovisual Information Services, which were jointly issued by the Cyberspace Administration of China and two other departments in November 2019, recently came into effect. The provisions set out requirements for the creation, distribution and transmission of audio videos based on new technologies and applications such as deep learning and virtual reality.
The Influencer Marketing Hub recently published The State of Influencer Marketing 2019: Benchmark Report, which showed that influencer marketing has grown exponentially in the past few years. According to the report, the market for influencer marketing was worth $4.6 billion in 2018 and this is projected to increase to $6.5 billion by the end of 2019. Until recently, influencers were unclassifiable under the law and therefore unregulated; however, their social media activity is now considered subject to regulation.
The Shanghai Cyberspace Administration recently released the 2019 Network Security Incident Contingency Plan. According to the contingency plan, network security incidents in Shanghai are classified as Grade I, Grade II, Grade III and Grade IV. If a network security incident occurs, the relevant entity must report it to the competent authority verbally within half an hour and in writing within one hour.
While many countries have introduced far-reaching obligations to report cyber incidents, Switzerland has not yet followed this lead. However, the Federal Council recently adopted a report which considers key issues with regard to the introduction of a general reporting obligation for operators of critical infrastructure. The report also discusses possible implementation models.
With the adoption of the EU General Data Protection Regulation, the EU legislature intended to strengthen the rights of individuals (ie, data subjects or applicants) by giving them greater control over how their personal data is used. Applicants must be informed of the processing of their personal data and be able to verify whether such processing is lawful. Accessing documents is not necessary to achieve that goal. This view is supported by two recent Austrian decisions.
The Standing Committee of the National People's Congress recently approved the Cryptography Law. Under the law, cryptography is divided into core cryptography, ordinary cryptography and commercial cryptography. If a commercial cryptography product concerns state security, the national economy, people's livelihoods or social public interests, it will be included in the catalogue of critical network equipment and dedicated cybersecurity products under the law.
The Federal Council recently adopted a dispatch message to improve the legal framework governing distributed ledger technologies (DLT) in Switzerland. The Federal Council's objective is to increase legal certainty, remove obstacles to DLT-based applications and limit the risk of abuse. The Swiss parliament will examine the dispatch message in early 2020.
Keywords play an important role in e-marketing. After typing a specific product name, company name or brand in a search engine, potential customers and users may view specific offers and data, including ads. Further, the list of offers may represent certain keywords selected by an advertiser. Unsurprisingly, the selection and reproduction of designations as keywords can trigger various trademark use concerns that inevitably lead to enforcement issues.
The App Governance Panel recently published a new draft of the Information Security Technology – Basic Specification for Collecting Personal Information in Mobile Internet Applications. Among other things, the new draft sets out requirements for apps that contain third-party codes or plug-ins which can collect personal data and revises the list of 'necessary' personal data for a variety of apps.
A new state-owned company has been established to provide free internet services to all citizens in Mexico. The company aims to provide telecoms services without charge and guarantee the right of access to information technologies and communication (including internet and broadband), particularly to people without access to such services in Mexico.