
Topic: Data and cybersecurity
Subscribe to Data and cybersecurityGlobal Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint
September 21, 2021
According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”).
It must be as easy to reject cookies as it is to accept them: 40 additional organizations on the radar of the CNIL
September 21, 2021
As part of its global strategy to ensure compliance with its new cookies mandatory guidelines, and as announced in its priority control themes for 2021, in May 2021 the CNIL issued formal notices to over twenty organizations (including international actors in the digital economy and some public bodies) for not enabling users to accept or refuse cookies using equally easy steps. These organizations all remedied the identified breaches within the month granted, but the CNIL has identified and sent formal enforcement notices regarding the same issue to a further 40 non-compliant organizations in the meantime.
Subject Access Request: Germany’s highest court widens the scope of data subject access requests in Germany
September 21, 2021
Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. Pursuant to the court’s decision, Article 15 GDPR also covers information already known about the data subject, previous correspondence and notes of internal processes or internal communications related to the data subject.
"Am I a CII operator?" - New regulation in China provides more clarity
September 21, 2021
China’s Cyber Security Law (CSL), enacted in 2016, requires operators of critical information infrastructure (CII) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China. Given the more onerous obligation on CII operators, we are constantly asked the same key question by our clients who do business in China: “Am I a CII operator?”. Now, a new regulation provides more clarity on this.
China passes the Personal Information Protection Law
September 21, 2021
China passed its Personal Information Protection Law (PIPL) on 20 August 2021. The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet.
PIPL: A game changer for companies in China
September 21, 2021
China passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add another layer of complexity with respect to compliance with China’s security and data laws and regulations.
Ontario moves towards introducing new privacy law
September 21, 2021
Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy legislation, the Personal Health Information Protection Act (PHIPA)), is intended to enhance the public’s confidence in Ontario’s digital economy by recognizing individuals’ fundamental right to privacy and imposing strict compliance obligations and financial penalties on organizations doing business in Ontario.
GLEIF unveils issuance and infrastructure models for verifiable LEI system
February 12, 2021
On 11 February 2021, the Global Legal Entity Identifier Foundation (GLEIF) published issuance and technical infrastructure models for its recently announced verifiable LEI (vLEI) system.
GLEIF unveils issuance and infrastructure models for verifiable LEI system
February 12, 2021
On 11 February 2021, the Global Legal Entity Identifier Foundation (GLEIF) published issuance and technical infrastructure models for its recently announced verifiable LEI (vLEI) system.
New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient
December 18, 2020
On 16 December 2020, the European Commission published a new EU cybersecurity strategy.