Privacy

Subscribe to Privacy via RSS

On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general regulatory requirements, addressed in the Digital Services Act (DSA). The DMA/DSA package will apply to all digital services, including social media, online marketplaces, and other online platforms, meaning tech companies active in Europe will have a new set of rules to follow.
Continue Reading European Commission Proposes New Rules for Digital Platforms

On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If approved, the Brexit Agreement will become effective on January 1, 2021, and will have the following repercussions:
Continue Reading The Privacy Impact of the New Brexit Deal

Apple recently announced that app developers must check a series of yes/no boxes that will generate a “nutrition label”-style summary of the app’s privacy practices. This new summary, formally called “App Privacy,” will be shown to users within the App Store before they install an app. This is the latest move in Apple’s ongoing effort to make privacy practices more transparent, and it requires app developers to take action now to ensure they can continue to update their apps after December 8, 2020. If developers take no action, their apps will essentially be frozen as they exist on that date.
Continue Reading Apple Requires Apps to Include New Privacy “Nutrition Label” by December 8, Delays Opt-In for Tracking Requirement Until Early 2021

On December 8, 2020, the Supreme Court heard argument in Facebook, Inc. v. Duguid,1 a case addressing a split among federal circuit courts as to what constitutes an “automatic telephone dialing system”—often referred to as an “autodialer”—under the Telephone Consumer Protection Act (TCPA).2 The Court’s decision could significantly reduce the risk of TCPA litigation directed at online platforms and apps with text messaging functionality.
Continue Reading U.S. Supreme Court Hears Argument over Frequently Litigated Provision of the TCPA

In a security advisory this past weekend, SolarWinds disclosed that its systems experienced a highly sophisticated supply chain attack on versions of its Orion network monitoring products released between March and June 2020. The New York Times has reported that it is highly likely that the Russian intelligence unit known as Cozy Bear, or A.P.T. 29, carried out the attack, which involved inserting malicious code into automatic product updates to allow the attackers to gain a foothold in networks, impersonate highly privileged accounts, and blend their reconnaissance traffic with legitimate activity. The U.S. government has not commented on attribution at this time.
Continue Reading Does the SolarWinds Supply Chain Attack Affect Your Company? Legal Considerations for Responding to the Massive Cybersecurity Incident

On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the transfer scenarios, such as controller-to-controller, controller-to-processor, and processor-to-processor data exports. The New SCCs have also been updated to reflect the high standard for data protection set forth in the General Data Protection Regulation (GDPR) and to take into account the requirements resulting from the Schrems II ruling.
Continue Reading European Commission Issues New SCCs for Data Transfers to Third Countries