EU Introduces Legislative Proposal to Collect Data from Short-Term Accommodation Platforms

On November 7, 2022, the European Commission (EC) published its proposal for a regulation on data collection and sharing for short-term accommodation rental services (proposal). The proposal includes data sharing and website design requirements for online platforms providing short-term accommodation rental services. It also prompts EU countries to create a harmonized registration process for hosts providing such services. Continue Reading

UK Government Publishes New Code of Practice for App Store Operators and App Developers

On December 9, 2022, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published a voluntary Code of Practice for App Store Operators and App Developers (Code). The Code sets out eight core principles to be followed by in-scope entities and is intended to help protect end users from malicious and poorly designed apps by setting minimum security and privacy requirements. These principles have been arrived at following a public consultation launched in May 2022. Continue Reading

Some Light Holiday Reading: Draft Procedural Guidance on the EU’s Digital Market Act Open for Consultation

On December 9, 2022, the European Commission (EC) published its draft Digital Markets Act (DMA) Implementing Regulation, which will be open for public comment until January 6, 2023. The package is designed to give guidance on the practical aspects of gatekeeper designation and sets out the information required from gatekeepers and their procedural rights. The designation process draws heavily from the EU’s merger control framework and envisages a similar pre-notification phase (including mirroring the EC’s “Form CO” for merger notifications with a “Form GD” for gatekeeper designations). Further guidance on substantive aspects is expected at a later stage. Continue Reading

FTC Extends Deadline to Comply with the Updated Safeguards Rule Until June 9, 2023

On November 15, 2022, the Federal Trade Commission (FTC) announced it is extending the deadline for covered financial institutions to comply with the updated Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) by six months.

The FTC originally published updates to the Safeguards Rule in October 2021. Under the updated rule, covered financial institutions had until December 9, 2022, to comply with certain requirements intended to increase security and further protect customer information. Continue Reading

California Privacy Protection Agency Releases Modified Proposed CPRA Regulations: An In-Depth Analysis

Written Comments Due by November 21

On November 3, 2022, the California Privacy Protection Agency (CPPA, or the Agency) issued modified proposed regulations implementing the California Privacy Rights Act (CPRA),[1] which revise the initial proposed regulations released on July 8, 2022. The Agency’s Notice of Modifications to Text of Proposed Regulations triggers a 15-day public comment period, which ends on November 21, 2022. Below we identify and analyze the key changes from the initial proposed regulations introduced by the modified proposed regulations and discuss the potential topics to be covered in future regulations as discussed during the CPPA Board meeting held on October 28-29, 2022 (“the CPPA October Board Meeting”).

Continue Reading

EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations

On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation.

In his Opinion (Opinion), Advocate General (AG) Athanasios Rantos of the EU’s Court of Justice (CJEU) noted that competition authorities do not have direct jurisdiction to enforce non-antitrust legal frameworks, including the EU’s General Data Protection Regulation (GDPR). However, they may review a company’s privacy practices and take these into account as a factor (or as an “incidental question”) to determine if a company is abusing its dominant position. AG Opinions are non-binding, but the CJEU follows them in the majority of cases. If confirmed, the Opinion could empower the European Commission (EC) and national competition authorities to assess data protection violations as evidence of an abuse of dominance. Continue Reading


We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree