Latest updates

PBC further enhances its management of security measures for credit information
AnJie Law Firm
  • China
  • June 05 2018

The People's Bank of China (PBC) recently released its Circular on Further Intensifying the Management of Credit Information Security. According to the circular, the PBC will intensify its management of credit information security by, among other things, practically raising awareness around the management of such information and strengthening information subjects' responsibilities in this regard. It will also optimise operational and control procedures for credit-related businesses.

MIIT continues campaign to clear and regulate internet access service market
AnJie Law Firm
  • China
  • May 29 2018

The Ministry of Industry and Information Technology (MIIT) recently released its Notice to Further Clear and Regulate the Internet Access Service Market. According to the notice, the campaign to clear and regulate the internet access service market has been extended to March 31 2019 in order to solidify the accomplishments achieved and investigate the issues found thus far pursuant to the notice of the same name issued by the MIIT in January 2017.

FTC warns foreign companies: hands off US kids' geolocation data
Hunton Andrews Kurth LLP
  • USA
  • May 22 2018

The Federal Trade Commission has sent warning letters to two foreign companies that market wearable technology for children that collects geolocation data, allowing parents to monitor and communicate with their children. The letters warned the companies to review compliance with the Children's Online Privacy Protection Act, which requires parental notice and consent before collecting, using or sharing personal information from a child under 13 years old.

New measures introduced to regulate scientific data sharing and management
AnJie Law Firm
  • China
  • May 15 2018

The General Office of the State Council recently issued the Measures for the Management of Scientific Data, which aim to improve and standardise the management of scientific data, safeguard scientific data security and encourage transparency and the sharing of scientific data. This is the first time that China has released measures which regulate scientific data at the national level. However, compared with some European countries and the United States, China still has far to go in this regard.

Privacy-related representations in M&A agreements
Schoenherr Attorneys at Law
  • Austria
  • May 15 2018

Companies regularly store information about their customers, clients, employees, investors, partners and vendors. Privacy and data security are therefore important aspects of most M&A transactions. Although the risk of non-compliance with privacy laws may result in severe negative consequences, many M&A agreements still lack adequate privacy-related representations and warranties.

Key issues when contracting for cloud services
Hunton & Williams LLP
  • USA
  • May 01 2018

Retailers are increasingly deploying cloud services solutions to realise cost savings, gain efficiency and enable scalability across numerous functions. However, while the benefits and popularity of cloud services are clear, cloud solutions are not without risks and challenges. In addition to the normal risks inherent in licensing and using technology, there are a number of issues that retailers should keep in mind when contracting for cloud services solutions.

CCS guidance to suppliers on GDPR
DAC Beachcroft
  • United Kingdom
  • May 01 2018

The Crown Commercial Service (CCS) has issued a guide to CCS suppliers about the actions which they must take in light of the implementation of the General Data Protection Regulation (GDPR). Under the GDPR, data processors will face direct legal obligations and can be fined by the Information Commissioner's Office for non-compliance. In addition, data processors will face claims for compensation if they fail to comply with their obligations.

Compliance challenges facing internet undertakings
AnJie Law Firm
  • China
  • April 24 2018

Following a media report that certain mobile phone application software was infringing user privacy, the Ministry of Industry and Information Technology organised talks with three internet companies. The ministry pointed out that the companies had collected and used users' personal information without fully disclosing the purpose of its use. The companies must now conduct rectifications to fully protect users' rights to be informed.

Revised domain name rules grant further powers to registries and anti-cybercrime services
Walder Wyss
  • Switzerland
  • April 24 2018

A revised version of the federal Ordinance on Internet Domains recently entered into force. It gives the responsible registries the possibility of temporarily blocking the top-level domain names '.ch' and '.swiss' where they are being used for phishing or malware activities. In addition, anti-cybercrime services can request that registries block the domain names. However, these services require prior recognition from the Swiss Federal Office of Communications.

Proposals to alter national Data Protection Act
Schoenherr Attorneys at Law
  • Austria
  • April 24 2018

Members of Parliament recently filed an application to amend the Data Protection Act 2018 in order to clarify certain aspects which have led to confusion over the past couple of months. In addition to several provisions relating to competence, the proposed act, among other things, contains a rephrased version of the fundamental right to data protection, introduces the mandatory appointment of data protection officers and suggests enabling the matching of images with explicit consent.

Despite growing value of bitcoin, retailers and merchants take cautious approach
Hunton & Williams LLP
  • USA
  • April 03 2018

Bitcoin has received considerable media attention in recent months as its value soared to $20,000 in December 2017, then retreated to around $9,000 in February 2018. While some investors embrace bitcoin, many members of the general public struggle to understand it. Despite the interest in cryptocurrency by investors, very few retailers and merchants accept cryptocurrency as a form of payment. Retailers and merchants appear to be taking a cautious approach.

Compensation claims under GDPR – an overview of the brewing storm
DAC Beachcroft
  • United Kingdom
  • March 06 2018

The EU General Data Protection Regulation and the incoming Data Protection Bill (UK) will introduce a range of new liabilities into the data protection landscape. Data controllers have been warned of a corresponding increase in data protection claims under the new regulatory regime for some time. These warnings have largely focused on the level of fines and new data breach response requirements. However, the brewing perfect storm surrounding compensation claims should also be firmly on solicitors' radars.

Major changes to privacy laws: implications for New Zealand businesses
  • New Zealand
  • March 06 2018

The EU General Data Protection Regulation (GDPR) will come into full effect on May 25 2018 and will impact New Zealand businesses that do business with EU residents or entities or have a presence in the European Union. In addition, the privacy commissioner recently released a report recommending that the Privacy Act be substantially amended (including to comply with the GDPR) and the Ministry of Justice has indicated that privacy reform is a key initiative.

GDPR implementation grows nearer: will Croatia be ready?
  • Croatia
  • February 27 2018

The European Commission's recent communication shows that only two member states have adopted the national legislation required to implement the EU General Data Protection Regulation. Others, Croatia included, are at different stages of the process. To meet the May 25 2018 deadline, Croatia should promptly address its national approach to open issues – in particular, its policies surrounding administrative fines.

FTC settles first children's privacy case involving connected toys
Hunton Andrews Kurth LLP
  • USA
  • January 23 2018

The Federal Trade Commission has announced an agreement with electronic toy manufacturer VTech Electronics Limited and its US subsidiary settling charges that VTech violated the Children's Online Privacy Protection Act by collecting personal information from hundreds of thousands of children without providing direct notice or obtaining their parent's consent and failing to take reasonable steps to secure the data that it had collected.

Are your contracts GDPR compliant? PPN published in relation to new data protection legislation
DAC Beachcroft
  • United Kingdom
  • January 23 2018

The Crown Commercial Service has published a procurement policy note (PPN) in relation to the new data protection legislation that will be implemented shortly. The PPN highlights the fact that the EU General Data Protection Regulation now strikes a more even balance between data processors and data controllers and requires organisations to act immediately to ensure compliance. As the new legislation will apply to the wider public sector, other public bodies may wish to apply the principles of the PPN.

Cyber breach securities suits look to tap D&O coverage
Hunton Andrews Kurth LLP
  • USA
  • January 09 2018

To date, data breach plaintiffs have struggled to find a way to access insurance monies in directors and officers (D&O) liability insurance policies. Recently, plaintiffs have pivoted to securities suits as a potential new way to trigger the deeper pockets associated with D&O policies. Insurers are no doubt monitoring this growing trend of litigation, so insureds should pay close attention to cyber-related exclusions in their D&O policies.

GDPR: what should businesses be doing to prepare for enhanced data protection regime?
DAC Beachcroft
  • United Kingdom
  • January 09 2018

The recently announced Data Protection Bill (which will replace the existing Data Protection Act) will transpose the EU General Data Protection Regulation (GDPR) into UK law and will be applicable despite Brexit. The new enhanced regime will affect all businesses that process data relating to an identified or identifiable natural person. Companies need to be actively preparing to ensure that they are GDPR compliant by identifying what steps are needed to comply with the regime.

Internet neutrality
  • USA
  • December 19 2017

The chair of the US Federal Communications Commission recently outlined plans to bury the internet rules promulgated under the Obama administration that required internet service providers (ISPs) to treat all web traffic equally. Under the proposed changes, ISPs would be allowed to offer web-based services at different speeds and differing service quality. In addition, they could enable more favourable speed or quality, or both, for websites that pay a fee.

Subject access requests under GDPR: much ado about nothing?
DAC Beachcroft
  • United Kingdom
  • December 19 2017

The extent to which the data subject access request (DSAR) regime will change under the EU General Data Protection Regulation and how this will affect employers is becoming clear. For example, the fee for responding to a DSAR will be abolished and the deadline for compliance will be reduced. While there will be some practical differences, an employer that has appropriate systems and procedures in place to deal with DSARs under the existing regime will not need to radically rethink its approach.

Current search

Refine search

Type

Work area

Jurisdiction

Firm