The European Commission has adopted today the long-awaited new sets of Standard Contractual Clauses: one for use between controllers and processors in the EU/EEA and one for the transfer of personal data to third countries.
On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and Solar Winds supply-chain attacks. While the EO focuses primarily on internal-government actions, the presidential order expresses hope […]
Federal Trade Commission (FTC) staff published a blog post that highlights increased cybersecurity threats and emphasizes the key role corporate boards play in a successful cybersecurity program: “Corporate boards: don’t underestimate your role in data security oversight.” Boards that are not actively considering cybersecurity risks should take notice.
The FTC’s toolkit to enforce unfair and deceptive practices in the privacy and cybersecurity realm was reduced last week when the Supreme Court ruled that Section 13 of the FTC Act does not allow for monetary relief. Read more about the decision and its impact. The FTC retains authority to […]
Earlier this week, the United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened. The court, which […]
EU proposal extends product safety, data protection and cybersecurity concepts to groundbreaking AI regulation What has happened? The European Commission has finally published its much-anticipated proposal for a broad regulation to cover the use of artificial intelligence in the EU. This is a world-first – no other jurisdiction has yet […]
European Data Protection Board Publishes Opinions on European Commission’s Draft UK Adequacy Decision
The European Commission published on February 19, 2021 its draft decision granting data protection adequacy status to the UK under Article 45(3) of the GDPR. Once published, the European Commission submitted the draft decision to the European Data Protection Board for its review, which has just issued two opinions: Opinion […]
The last months of 2020 saw impressive legislative activity by the European Commission, as it rolled out proposals for several regulations (namely, the Data Governance Act, the Digital Services Act and the Digital Markets Act), as well as proposed new Standard Contractual Clauses for international data transfers (expected to be […]
The New York State Department of Financial Services recently issued guidance for New York-regulated property and casualty insurers to effectively manage the cyber insurance risk present in their insurance portfolio. The DFS’ guidance signals an effort to reduce overall volatility in the cyber insurance market, which has been compounded by […]
On 15 December 2020, the EU data protection regulator – the European Data Protection Board – adopted its Strategy for 2021-2023, which outlines its objectives and key actions for the upcoming years. At the outset, the EDPB recalls that its strategy, as well as its work in general, are guided […]