On November 7, 2022, the European Commission (EC) published its proposal for a regulation on data collection and sharing for short-term accommodation rental services (proposal). The proposal includes data sharing and website design requirements for online platforms providing short-term accommodation rental services. It also prompts EU countries to create a harmonized registration process for hosts providing such services. Continue Reading
On December 9, 2022, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published a voluntary Code of Practice for App Store Operators and App Developers (Code). The Code sets out eight core principles to be followed by in-scope entities and is intended to help protect end users from malicious and poorly designed apps by setting minimum security and privacy requirements. These principles have been arrived at following a public consultation launched in May 2022. Continue Reading
On December 9, 2022, the European Commission (EC) published its draft Digital Markets Act (DMA) Implementing Regulation, which will be open for public comment until January 6, 2023. The package is designed to give guidance on the practical aspects of gatekeeper designation and sets out the information required from gatekeepers and their procedural rights. The designation process draws heavily from the EU’s merger control framework and envisages a similar pre-notification phase (including mirroring the EC’s “Form CO” for merger notifications with a “Form GD” for gatekeeper designations). Further guidance on substantive aspects is expected at a later stage. Continue Reading
On November 15, 2022, the Federal Trade Commission (FTC) announced it is extending the deadline for covered financial institutions to comply with the updated Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) by six months.
The FTC originally published updates to the Safeguards Rule in October 2021. Under the updated rule, covered financial institutions had until December 9, 2022, to comply with certain requirements intended to increase security and further protect customer information. Continue Reading
Written Comments Due by November 21
On November 3, 2022, the California Privacy Protection Agency (CPPA, or the Agency) issued modified proposed regulations implementing the California Privacy Rights Act (CPRA), which revise the initial proposed regulations released on July 8, 2022. The Agency’s Notice of Modifications to Text of Proposed Regulations triggers a 15-day public comment period, which ends on November 21, 2022. Below we identify and analyze the key changes from the initial proposed regulations introduced by the modified proposed regulations and discuss the potential topics to be covered in future regulations as discussed during the CPPA Board meeting held on October 28-29, 2022 (“the CPPA October Board Meeting”).
On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation.
In his Opinion (Opinion), Advocate General (AG) Athanasios Rantos of the EU’s Court of Justice (CJEU) noted that competition authorities do not have direct jurisdiction to enforce non-antitrust legal frameworks, including the EU’s General Data Protection Regulation (GDPR). However, they may review a company’s privacy practices and take these into account as a factor (or as an “incidental question”) to determine if a company is abusing its dominant position. AG Opinions are non-binding, but the CJEU follows them in the majority of cases. If confirmed, the Opinion could empower the European Commission (EC) and national competition authorities to assess data protection violations as evidence of an abuse of dominance. Continue Reading