Privacy

Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

By Laura De Boel, Cédric Burton, Maneesha Mithal & Rossana Fol on March 29, 2022

On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.
Continue Reading Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

Rules of the Road for Advertisers and Marketers: The Basics

By Maneesha Mithal on March 24, 2022

Posted in Privacy, Regulatory

As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to follow these rules can lead to regulator or competitive lawsuits, reputational harm, loss of consumer trust, significant fines or damages, and in some cases, requirements for corrective disclosures.
Continue Reading Rules of the Road for Advertisers and Marketers: The Basics

FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

By Roger Li, Megan Kayo, Maneesha Mithal, Tracy Shapiro & Beth George on March 23, 2022

Posted in Cybersecurity, Privacy

On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, among other things, failed to implement reasonable security measures, and misrepresented that it would use email addresses for order notification and receipt, when in fact it used email addresses for marketing purposes. As part of the proposed settlements with Residual Pumpkin and Planet Art, each is required, among other things, to implement, annually assess, test, and monitor a comprehensive written information security program. Residual Pumpkin also would be required to pay a $500,000 penalty.
Continue Reading FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

SEC Proposes New Cybersecurity Reporting and Enhanced Standardized Disclosure

By Megan Kayo, Matthew Staples, Jose F. Macias & Beth George on March 16, 2022

Posted in Cybersecurity, Privacy, Regulatory

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity risk management, expertise, and governance. This alert summarizes the proposed changes, which are subject to public comment until the later of May 9, 2022 or 30 days after publication in the Federal Register.
Continue Reading SEC Proposes New Cybersecurity Reporting and Enhanced Standardized Disclosure

FYI on NFTs: Consumer Protection and Privacy Considerations

By Dan Chase & Maneesha Mithal on March 8, 2022

Posted in Privacy, Regulatory

Thinking of creating a non-fungible token (NFT) marketplace? You’re not alone. Global NFT transactions have risen from $40.96 million in 2018 to around $25 billion in 2021. Organizations from the NBA to Taco Bell have begun implementing NFT strategies. As blockchain-native artifacts, NFTs’ immutability, digital scarcity, and transferability have catalyzed growing interest among consumers and businesses alike, inspiring companies of all sizes to explore potential use-cases ranging from standalone art pieces, to NFTs tied to physical products, to NFTs with real-world or virtual components.
Continue Reading FYI on NFTs: Consumer Protection and Privacy Considerations

EU Parliament and Council Take Next Steps to Advance Major New Rules for Digital Platforms

By Roberto Yunquera Sehwani, Laurine Daïnesi Signoret, Deirdre Carroll, Cédric Burton & Beau Buffier on February 25, 2022

Posted in European Union, Privacy, Regulatory

The EU Parliament and the EU Council recently adopted their respective versions of the Digital Markets Act (DMA) and Digital Services Act (DSA), which intend to create new antitrust-related (DMA) and regulatory (DSA) rules applicable to digital platforms.¹

The adoption of the draft amendments by the EU Parliament and the EU Council constitutes a critical step towards final adoption of these laws. Now, the EU Commission (EC), Parliament, and Council are undergoing negotiations (so-called “trilogues“) to agree on a final version of the laws. The institutions could reach an agreement on the DMA and the DSA within the coming months, but it may take some time before it is enacted.
Continue Reading EU Parliament and Council Take Next Steps to Advance Major New Rules for Digital Platforms

The Data Advisor