Supreme Court Curtails FTC Authority to Obtain Monetary Relief via Section 13(b)

The FTC’s toolkit to enforce unfair and deceptive practices in the privacy and cybersecurity realm was reduced last week when the Supreme Court ruled that Section 13 of the FTC Act does not allow for monetary relief. Read more about the decision and its impact. The FTC retains authority to […]

Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft

Earlier this week, the United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened. The court, which […]

EU’s Artificial Intelligence Regulation – Tough Tests for Smart Products

EU proposal extends product safety, data protection and cybersecurity concepts to groundbreaking AI regulation What has happened? The European Commission has finally published its much-anticipated proposal for a broad regulation to cover the use of artificial intelligence in the EU. This is a world-first – no other jurisdiction has yet […]

European Data Protection Board Publishes Opinions on European Commission’s Draft UK Adequacy Decision

The European Commission published on February 19, 2021 its draft decision granting data protection adequacy status to the UK under Article 45(3) of the GDPR. Once published, the European Commission submitted the draft decision to the European Data Protection Board for its review, which has just issued two opinions: Opinion […]

Virginia Becomes Second US State to Enact Comprehensive Privacy Law

Last week, Virginia’s governor signed into law the Consumer Data Protection Act, which will take effect on January 1, 2023. This makes Virginia the second state in the US to pass a comprehensive data privacy law. California became the first with the enactment of the California Consumer Privacy Act of […]

European Commission Proposes Stricter, More Encompassing Cybersecurity Obligations for Companies

The last months of 2020 saw impressive legislative activity by the European Commission, as it rolled out proposals for several regulations (namely, the Data Governance Act, the Digital Services Act and the Digital Markets Act), as well as proposed new Standard Contractual Clauses for international data transfers (expected to be […]

The European Commission Publishes Draft UK Adequacy Decision

What has happened? The European Commission has published its draft decision on February 19, 2021 granting data protection adequacy status to the UK under Article 45(3) of the GDPR. The draft decision is currently under review by the European Data Protection Board, which will issue its opinion (not binding) in […]

Improving Cyber Insurance Practice Should Be a Company’s Priority

The New York State Department of Financial Services recently issued guidance for New York-regulated property and casualty insurers to effectively manage the cyber insurance risk present in their insurance portfolio. The DFS’ guidance signals an effort to reduce overall volatility in the cyber insurance market, which has been compounded by […]

FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition

The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in violation of its own privacy policy. […]

European Regulator Announces Strategic Data Protection Objectives for Upcoming Years

On 15 December 2020, the EU data protection regulator – the European Data Protection Board – adopted its Strategy for 2021-2023, which outlines its objectives and key actions for the upcoming years. At the outset, the EDPB recalls that its strategy, as well as its work in general, are guided […]