cybersecurity

Subscribe to cybersecurity via RSS

On February 7, 2020, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data in the context of connected vehicles and mobility related applications. If adopted in their current form, the draft guidelines will have far-reaching consequences for connected vehicles and mobility applications that operate in Europe. They contain detailed interpretations of the General Data Protection Regulation (GDPR) and related laws. Notably, the draft guidelines apply the EU cookie rules to connected vehicles, requiring granular consent to collect both personal and non-personal data from connected vehicles.
Continue Reading EU Privacy Regulators Issue Draft Guidelines on Connected Vehicles and Mobility Applications

On December 19, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued his opinion in Schrems II[1] (the opinion). Wilson Sonsini previously covered the key points of the opinion in our Alert of December 20 and now provides a more detailed analysis in this contribution.

At stake in this case is the validity of two key EU data transfers mechanisms, the Standard Contractual Clauses (SCCs) and the EU-U.S. Privacy Shield. The SCCs allow companies to transfer personal data to any country outside of the European Economic Area. The Privacy Shield enables transfers specifically from the EU to the U.S.
Continue Reading CJEU Advocate General Confirms Validity of EU Data Transfer Tools

On October 10, 2019, the California Attorney General’s office issued the proposed text of its California Consumer Privacy Act (CCPA) regulations (the Regulations). The Regulations propose detailed rules regarding required notices for consumers, business practices for handling consumer requests, verification of requests, special rules regarding minors, and non-discrimination. Accompanying the Regulations are the Attorney General’s Initial Statement of Reasons, which provide the justifications for each requirement.
Continue Reading Proposed CCPA Regulations: Clarity or Confusion?

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the burden on the website operator to provide notice and, where necessary, obtain consent for the joint activity. Further, the court found the plugin provider to be independently responsible for any subsequent use of the data. The decision will likely prompt regulators to closely scrutinize the use of third-party plugins.
Continue Reading Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button

On July 5, 2019, the UK’s Data Protection Authority (ICO) issued its “Guidance on the use of cookies and similar technologies” (the Guidance) along with a brief explanatory blog post. At the same time the ICO updated its own website cookie notice and consent, leading by example. The ICO’s blog post makes clear that cookie compliance will increasingly be a regulatory priority, and that companies should start working towards compliance now.
Continue Reading The ICO Issues Its Cookies Guidance: Clarified Stance and Enforcement Priorities

On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below).[1] The guidance clarifies the instances in which companies must obtain consent for the use of cookies and specifies the requirements for obtaining consent.
Continue Reading The CNIL Sharpens Requirements on Deployment of Tracking Technologies