UK

The UK’s New Data Protection Bill: Common Sense Reform or Significant Divergence?

By David Naylor & Malcolm Dowden on March 16, 2023

Posted in Data Privacy, EU, General, General Data Protection Regulation (GDPR), UK

On 8 March 2023 the UK government heralded its new Data Protection and Digital Information (No 2) Bill (the Bill) as a “new common-sense-led version of the EU’s GDPR” that would save the UK economy more than £4 billion over the next 10 years and ensure that privacy and data protection are securely protected”.…

Online Webinar Now Available: Navigating Cross-border Challenges Relating to HR Data Protection and Employee Right-to-Work Compliance

By Kristin Bryan on October 21, 2022

Posted in CCPA, Data Privacy, EU, GDPR, UK, US, Webinar

Last week, CPW’s Alan Friel and David Naylor were joined by Squire Patton Boggs employment and immigration lawyers Gregory Wald, Michael Kelly and Annabel Mace for timely webinar in connection with the British American Business Counsel. A recording of the webinar is now available at this link.
Continue Reading Online Webinar Now Available: Navigating Cross-border Challenges Relating to HR Data Protection and Employee Right-to-Work Compliance

Protecting Electronic Communications Networks and Services from Cyber-Attack and Data Breach: Enhanced Obligations and Board-level Accountability

By Malcolm Dowden & Lucia Rubio Robustillo on October 14, 2022

Posted in Compliance, Consumer Protection, Cybersecurity, Data Breach, Data Privacy, EU, Telecommunications, Telecommunications Security Code of Practice, UK

The UK’s Electronic Communications (Security Measures) Regulations 2022 (the Regulations) came into force on 1 October 2022, together with the Telecommunications Security Code of Practice (the Code of Practice). The Regulations reflect the increased risk of cyber-attack and data breaches, whether for criminal purposes or by potentially hostile states. They supplement general duties imposed on providers of public electronic communications networks and services by the Communications Act 2003, sections 105A and 105C, and provide Ofcom with new powers to monitor and enforce enhanced obligations affecting:

providers of public electronic communications networks (“network providers”); and
providers of public electronic communications services (“service providers”).

…
Continue Reading Protecting Electronic Communications Networks and Services from Cyber-Attack and Data Breach: Enhanced Obligations and Board-level Accountability

CPW Week in Review

By Kristin Bryan on September 26, 2022

Posted in AI, Articles, Biometric data, BIPA, California, California Age-Appropriate Design Code Act (AADC), California Privacy Rights Act, California Privacy Rights Act (CPRA), CCPA, CCPA, CEF, Colorado, Colorado Privacy Act, Compliance, Connecticut, Connecticut Privacy Act (CTPA), Consumer Protection, COPPA, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Data Retention, Digital Technology, EU, European Court of Justice, GDPR, GDPR, General, Litigation, Privacy Litigation, Standard Contractual Clauses (SCCs), Team News, UK, UK Data Transfer Agreement, US, US, Utah, Utah Consumer Privacy Act (UCPA), Virginia Consumer Data Protection Act (VCDPA), Women in Data

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor…

Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

By Malcolm Dowden & Niloufar Massachi on September 23, 2022

Posted in California, CCPA, Colorado, Compliance, Connecticut, Cybersecurity, Data Breach, Data Privacy, EU, GDPR, Standard Contractual Clauses (SCCs), UK, UK Data Protection Act 2018;, US, Utah

In a CLE webinar earlier this week, Malcolm Dowden (Partner, London) and Niloufar Massachi (Associate, Los Angeles) discussed evaluating, drafting, and updating vendor agreements to meet the privacy and security requirements of new US privacy laws and the GDPR.
…
Continue Reading Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

Dark Patterns under the Regulatory Spotlight Again

By Kyle Dull & Sasha Kiosse on September 20, 2022

Posted in California, California Age-Appropriate Design Code Act (AADC), California Privacy Rights Act, CCPA, Compliance, Consumer Protection, COPPA, CPRA, Data Privacy, Data Privacy, Digital Technology, EU, FTC, Targeted Advertising, UK, US

The Federal Trade Commission (FTC) has released a staff report, Bringing Dark Patterns to Light, which discusses misleading and manipulative design practices—dark patterns—in web and mobile apps. These design choices take advantage of users’ cognitive biases to influence their behavior and prevent them from making fully informed decisions about their data and purchases. Dark patterns are employed to get users to surrender their personal information, unwittingly sign up for services, and purchase products they do not intend to purchase. The consequences of dark patterns have been increasingly noticed in the regulatory and legislative sphere, both in the United States and Europe.
…
Continue Reading Dark Patterns under the Regulatory Spotlight Again

CPW Week in Review

By Kristin Bryan on September 19, 2022

Posted in AI, American Data Privacy and Protection Act (ADPPA), Arbitration, Article III, Artificial Intelligence, Biometric, BIPA, California, California Attorney General, California Invasion of Privacy Act, California Privacy Protection Agency, California Privacy Rights Act, California Privacy Rights Act (CPRA), Capture or Use of Biometric Identifier Act (CUBI), CCPA, Colorado, Colorado Privacy Act, Compliance, Connecticut, Connecticut Privacy Act (CTPA), Consumer Protection, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Delaware, Digital Advertising, Digital Markets, Digital Markets Act, Digital Technology, Discovery, DPO, DPPA, Events, FCC, FDCPA, Federal Communications Commission, Federal Question, Florida, FTC, GDPR, HIPAA, ICO, ICO, Idaho, Illinois, Injury in Fact, Litigation, Multidistrict Litigation, New York, Ohio, Privacy Litigation, Ransomware, SEC, Settlement, Standing, TCPA, Team News, Texas, UK, US, Utah Consumer Privacy Act (UCPA), Virginia Consumer Data Protection Act (VCDPA), Virtual Try-On (VTO), Washington, Webinar, Wisconsin, Women in Data

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly…

Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait

By Lucia Rubio Robustillo on September 14, 2022

Posted in Compliance, Consumer Protection, Cybersecurity, Data Breach, Data Privacy, Data Protection and Digital Information Bill, DPIA, DPO, EU, GDPR, General, ICO, ICO, UK

The second reading of the Data Protection and Digital Information Bill (the Bill) has been delayed following the election of the new Conservative Party leader. The new date is yet to be announced, but in the meantime, it is worth analysing some of the key changes the Bill proposes. While it promises more flexibility and less ambiguity, practically speaking, the Bill may not represent a fundamental divergence from the current regime.
…
Continue Reading Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait