Cybersecurity

Subscribe to Cybersecurity via RSS

Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers

While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay a fee, and provide certain information to the California attorney general. Because AB 1202 relies on the CCPA’s broad definitions of “sell” and “personal information,” many businesses that might not otherwise consider themselves to be data brokers may fall within the data broker definition.
Continue Reading Data Brokers Must Register with California Attorney General by January 31

On October 10, 2019, the California Attorney General’s office issued the proposed text of its California Consumer Privacy Act (CCPA) regulations (the Regulations). The Regulations propose detailed rules regarding required notices for consumers, business practices for handling consumer requests, verification of requests, special rules regarding minors, and non-discrimination. Accompanying the Regulations are the Attorney General’s Initial Statement of Reasons, which provide the justifications for each requirement.
Continue Reading Proposed CCPA Regulations: Clarity or Confusion?

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the burden on the website operator to provide notice and, where necessary, obtain consent for the joint activity. Further, the court found the plugin provider to be independently responsible for any subsequent use of the data. The decision will likely prompt regulators to closely scrutinize the use of third-party plugins.
Continue Reading Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button

On July 5, 2019, the UK’s Data Protection Authority (ICO) issued its “Guidance on the use of cookies and similar technologies” (the Guidance) along with a brief explanatory blog post. At the same time the ICO updated its own website cookie notice and consent, leading by example. The ICO’s blog post makes clear that cookie compliance will increasingly be a regulatory priority, and that companies should start working towards compliance now.
Continue Reading The ICO Issues Its Cookies Guidance: Clarified Stance and Enforcement Priorities

In a notice issued July 17, 2019, the Federal Trade Commission (FTC) is seeking public comment on a wide range of issues related to the Children’s Online Privacy Protection Act and implementing Rule (COPPA). The FTC has also announced a public workshop to review the COPPA Rule, to be held on October 7, 2019.
Continue Reading FTC Seeks Public Comment on Children’s Online Privacy Protection Rule

On July 8, 2019, the UK Information Commissioner’s Office (ICO) announced its intention to fine British Airways GBP 183.39 million over a data breach in which the personal data of approximately 500,000 customers was compromised.[1] If made final, the fine—equivalent to approximately U.S. $230 million—would be the biggest fine ever issued by the ICO as well as any Supervisory Authority (SA) in the European Union.
Continue Reading Massive GDPR Fine Proposed by UK ICO Confirms Trend of Increased Focus on EU Data Breaches