Digital concept of graphs

Topic: Data and cybersecurity

 Subscribe to Data and cybersecurity

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

September 21, 2021

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”).

It must be as easy to reject cookies as it is to accept them: 40 additional organizations on the radar of the CNIL

September 21, 2021

As part of its global strategy to ensure compliance with its new cookies mandatory guidelines, and as announced in its priority control themes for 2021, in May 2021 the CNIL issued formal notices to over twenty organizations (including international actors in the digital economy and some public bodies) for not enabling users to accept or refuse cookies using equally easy steps. These organizations all remedied the identified breaches within the month granted, but the CNIL has identified and sent formal enforcement notices regarding the same issue to a further 40 non-compliant organizations in the meantime.

Subject Access Request: Germany’s highest court widens the scope of data subject access requests in Germany

September 21, 2021

Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. Pursuant to the court’s decision, Article 15 GDPR also covers information already known about the data subject, previous correspondence and notes of internal processes or internal communications related to the data subject.

"Am I a CII operator?" - New regulation in China provides more clarity

September 21, 2021

China’s Cyber Security Law (CSL), enacted in 2016, requires operators of critical information infrastructure (CII) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China. Given the more onerous obligation on CII operators, we are constantly asked the same key question by our clients who do business in China: “Am I a CII operator?”. Now, a new regulation provides more clarity on this.

China passes the Personal Information Protection Law

September 21, 2021

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet.

PIPL: A game changer for companies in China

September 21, 2021

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add another layer of complexity with respect to compliance with China’s security and data laws and regulations.

Ontario moves towards introducing new privacy law

September 21, 2021

Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy legislation, the Personal Health Information Protection Act (PHIPA)), is intended to enhance the public’s confidence in Ontario’s digital economy by recognizing individuals’ fundamental right to privacy and imposing strict compliance obligations and financial penalties on organizations doing business in Ontario.

GLEIF unveils issuance and infrastructure models for verifiable LEI system

February 12, 2021

On 11 February 2021, the Global Legal Entity Identifier Foundation (GLEIF) published issuance and technical infrastructure models for its recently announced verifiable LEI (vLEI) system.

GLEIF unveils issuance and infrastructure models for verifiable LEI system

February 12, 2021

On 11 February 2021, the Global Legal Entity Identifier Foundation (GLEIF) published issuance and technical infrastructure models for its recently announced verifiable LEI (vLEI) system.

New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient

December 18, 2020

On 16 December 2020, the European Commission published a new EU cybersecurity strategy.