The Colorado Privacy Act is enforceable since July 1, 2023. Just as the California Attorney General has done through several sweeps (see here and here), the Colorado Attorney General, Phil Weiser, has announced through letters sent to business that enforcement of the Colorado Privacy Act has begun. The initial round of letters are meant to educate businesses on their new obligations, with particular emphasis on the collection and use of sensitive data and related prior…
The Information Commissioner’s Office (ICO) has published an update confirming its plans to cease enforcement of certain breaches of regulation 5A of the Privacy and Electronic Communications Regulations 2003 (PECR) against public electronic communications service providers (CSPs). Regulation 5A PECR requires CSPs to notify the ICO within 24 hours of becoming aware of a personal data breach. The ICO initially published a statement on 20 January 2023 which stated that it had decided to stop…
In recent years, CDA 230 has come under scrutiny for its alleged impact on freedoms of speech, online safety, and misinformation. We describe recent examples of lawmakers and authorities seeking to impose more onerous content moderation restrictions or obligations on digital platforms.
Children now spend a lot of time playing games online, but the gaming industry has received less scrutiny than social media or streaming platforms over privacy concerns. As gaming grows, the scale of user vulnerability increases as well. Many young people do not understand the data risks posed by online games. Luckily, privacy regulators are increasingly focusing efforts toward protecting children’s safety and autonomy online. Young people enjoy online games because they allow for play, learning and…
El Parlamento Europeo aprobó el 5 de julio el articulado final del Reglamento de Servicios Digitales (DSA) y del Reglamento de Mercados Digitales (DMA). Estas normas regulan la posición jurídica de proveedores de servicios digitales de intermediación (p. e. plataformas como marketplace, motores de búsqueda, redes sociales, servicios de hosting, etc.) y, consecuentemente, afectan también a todos los demás players (usuarios y empresas de todos los tamaños) que interactúan a través de sus servicios.…
Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…
Brian Hengesbaugh and Partner Paul Glass dissect the recent guidance issued by the ICO in response to the SoldWinds cyber attack. Listen to hear: an overview of what the guidance sayswhy the ICO decided to release guidance in regards to this incidenthow companies should best approach the 72-hour notification rule https://open.spotify.com/episode/5ufO2qYMt4rPOQiVOKHo4n?si=ZMqpxKVpRvKsT8G7jo6o-A
A global conversation exploring the key issues re-shaping the workforce in light of heightened disruption, technological advancements and cultural shifts. Companies are facing critical business challenges in regard to their most important asset – their people. While workforce transformation is not a new concept for global organizations, the pandemic has forced us to rapidly adapt our standard ways of working and how we engage with employees to ensure the long-term viability of the business. We…
Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…
In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…