Cybersecurity

Subscribe to Cybersecurity via RSS

On July 18, 2022, the EU Council formally adopted the EU Digital Markets Act (DMA), following approval by the EU Parliament earlier this month (the press releases are available here and here). The final DMA text as approved is available here.

As next steps, the final text of the law will be signed by the Parliament and Council Presidents and will be published in the EU Official Journal. The Publications Office still needs to make some further technical edits to the text before it can be published, including to clarify the date of application (i.e., add a specific date, given that the text currently states “[6 months after entry into force]”). We expect that final publication in the EU Official Journal will take place this fall.
Continue Reading EU Parliament and EU Council Approve the DMA

On June 3, 2022, members of the U.S. Congress released a bipartisan, bicameral discussion draft of a comprehensive national data privacy and data security framework. The draft is notable in that it reflects a compromise on the two issues that have for years vexed lawmakers angling for federal privacy legislation: preemption and private right of action. The House Energy and Commerce Committee has announced a hearing for June 14 to discuss the draft.

The discussion draft has become widely known as the “three corners” bill, because it has the support of three of the four “corners” of the relevant committees: the Chair and Ranking Member of the House Energy and Commerce Committee and the Ranking Member of the Senate Commerce Committee. Notably, the fourth “corner,” Senate Commerce Committee Chair Maria Cantwell, is circulating her own draft.[1] While there are similarities between the two drafts, the differences reflect the likely sticking points among the negotiators.Continue Reading Privacy Legislation Update: The “Three Corners” Bill and the Cantwell Draft

On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding the draft regulations and the delegation of rulemaking authority functions to the CPPA’s executive director. Ahead of this meeting, on June 3, the CPPA released a draft Initial Statement of Reasons (ISOR) to accompany the draft regulations, which provides an explanation of the purpose and necessity of the draft regulations, along with an FAQ offering further information about the draft regulations and rulemaking process. While the formal CPRA rulemaking process has not yet officially begun, we expect to learn more about a potential schedule for the notice and comment period for the regulations at the CPPA’s June 8 meeting.

For a more high-level overview of the draft regulations’ key takeaways, please see our Wilson Sonsini Alert.
Continue Reading California Privacy Protection Agency Releases Draft CPRA Regulations – An In-Depth Analysis

COVID-19 has rapidly accelerated our expectations that virtual connection can deliver better and more economical care. As a result, digital health companies have an unprecedented opportunity to innovate, but with that opportunity also comes significant regulatory challenges related to the collection and processing of personal health information. What legal requirements apply to processing of health information? What are the risks associated with noncompliance? In this brief primer, we provide answers to these questions, and a window to what may lay next on the horizon.
Continue Reading Privacy and Security of Health Information: A Primer for Digital Health Companies

As a fintech company, platform offering payment services, or a cryptocurrency business, you may be used to operating in uncharted waters; the Consumer Financial Protection Bureau (CFPB), however, is ready to start drawing some maps. It has announced that it will begin to exercise its supervisory authority over non-bank consumer financial entities that the CFPB has reason to believe pose risks to consumers. It also announced a new procedural rule to govern when CFPB decisions related to these supervisory actions will be made available to the public.
Continue Reading CFPB and Fintech Companies: Charting a New Course on Regulatory Supervision

The EU is close to finalizing the adoption of the Digital Services Act (DSA), which will impose new obligations on digital platforms regarding content moderation, due diligence for illegal content, and advertising transparency. It will entail significant changes to existing EU law in these areas and will impose substantial new compliance burdens on companies in regard to online content.
Continue Reading EU Reaches Political Agreement on Additional New Rules for Digital Platforms in the Digital Services Act