Cybersecurity

Subscribe to Cybersecurity via RSS

On May 1, 2019, WSGR convened a panel of regulators and experts to discuss recent developments in European data protection law. The panel, moderated by Cédric Burton, featured Bruno Gencarelli, head of the International Data Flows and Protection Unit of the European Commission, Isabelle Vereecken, head of the Secretariat of the European Data Protection Board (EDPB), and Dr. Christopher Kuner, senior privacy counsel at WSGR.
Continue Reading WSGR Event Recap: The State of Play in European Data Protection Law

On May 1, 2019, WSGR held a panel discussing state and federal legislative privacy developments, including the California Consumer Privacy Act (CCPA). The panel, moderated by Chris Olsen, featured Ashkan Soltani, former chief technologist at the Federal Trade Commission (FTC), and Shaundra Watson, the senior director for policy at BSA (The Software Alliance). Here are the key takeaways from the discussion:
Continue Reading WSGR Event Recap: Key State and Federal Legislative Privacy Developments

On May 1, 2019, WSGR held an event in which regulators and experts discussed privacy developments in the U.S. and Europe. The first session featured a fireside chat with the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection Director, Andrew Smith, on “The State of Play at the FTC on Privacy.” In case you missed it, here are the key takeaways from the discussion:

  • More specificity in data security orders. Director Smith noted that we should expect to see more specificity in data security orders moving forward, particularly after the Eleventh Circuit’s decision in LabMD.1 He mentioned that the FTC’s approach to post-LabMD orders is still evolving, but the next data security order entered will likely reflect the FTC’s new approach.

Continue Reading WSGR Event Recap: The State of Play at the FTC on Privacy

On March 21, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued an opinion (opinion) in the Planet49 case[1] on what constitutes valid consent for cookies under the Data Protection Directive, the GDPR, and the e-Privacy Directive.

In particular, the AG opines that: 1) a pre-ticked checkbox that users must untick to refuse consent does not constitute valid consent; 2) consent for cookies should not be bundled with other consents; and 3) users must be informed about the cookies’ lifespan and the third parties accessing the cookies. AG opinions are not binding on the CJEU, but are often influential. If the CJEU follows the AG Opinion, it will likely impact widely-adopted cookie consent practices in the EU and underlying business models that rely on such consent.
Continue Reading CJEU Advocate General Opinion Calls for Active and Separate Cookie Consents

On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. The Opinion comments on the draft FAQ and provides some insight on data protection regulators’ view on how the GDPR applies to patient data collected as a part of a clinical trial.

In short, the EDPB takes the position that consent under the GDPR, and informed consent under the CTR, are different concepts, and that various legal grounds, including consent, are available under the GDPR to process patient personal data in the clinical trial context. Practically speaking, organizations will have to conduct a case-by-case assessment of the various options available.
Continue Reading EDPB Opinion on Consent and Legal Basis in Clinical Trials