On April 8, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted comments in response to the Ministry of Public Security (“MPS”) of Vietnam’s Draft Decree on Personal Data Protection (“Draft Decree”).

Continue Reading CIPL Submits Comments on Vietnam’s Draft Decree on Personal Data Protection

On March 18, 2021, Lisa Sotto, Chair of Hunton’s global Privacy and Cybersecurity practice, and Mike Swift, MLaw Chief Global Digital Risk Correspondent, led a webinar on Everything You Need to Know About the California Privacy Rights Act. The webinar, which was part of LexisNexis’ Emerging Issues Webinar Series, provides an immersive look at the California Privacy Rights Act (“CPRA”) and other recent privacy laws. Continue Reading Lisa Sotto Leads LexisNexis’ Emerging Issues Webinar on Everything You Need to Know About the CPRA

On March 31, 2021, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”), announced a fine of €475,000 for Dutch headquartered online travel agency Booking.com for failure to report a data breach within 72 hours of becoming aware of the incident in 2019. Continue Reading Dutch Regulator Fines Booking.com 475,000 Euros for Late Breach Reporting

On March 25, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth organized an expert roundtable on the EU Approach to Regulating AI–How Can Experimentation Help Bridge Innovation and Regulation? (the “Roundtable”). The Roundtable was hosted by Dragoș Tudorache, Member of Parliament and Chair of the Artificial Intelligence in the Digital Age (“AIDA”) Committee of the European Parliament.  The Roundtable gathered industry representatives and data protection authorities (“DPAs”) as well Axel Voss, Rapporteur of the AIDA Committee. Continue Reading CIPL Organizes Webinar on EU Approach to Regulating AI and Regulatory Experimentation

On April 1, 2021, the Supreme Court issued its long-awaited opinion in Facebook, Inc. v. Duguid et al., No. 19-511 (Apr. 1, 2021).  At issue in Facebook, was the question of what technology constitutes an “automatic telephone dialing system” (“ATDS”) within the meaning of the Telephone Consumer Protection Act, 47 U.S.C. §227 et seq (“TCPA”). The Supreme Court’s unanimous decision is a huge win for companies who communicate with their consumers by telephone/text message. Continue Reading Supreme Court Adopts Narrow Interpretation of ATDS

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently announced more settlements associated with its HIPAA Right of Access Initiative. The settlements with Village Plastic Surgery (“VPS”) and The Arbour, Inc. (“Arbour”) resulted in combined civil monetary penalties of $95,000.

Continue Reading OCR Continues to Settle HIPAA Right of Access Initiative Cases

On March 30, 2021, the European Commission (the “Commission”) announced the successful conclusion of the adequacy talks with the Republic of Korea. Continue Reading European Union and South Korea Complete Adequacy Talks

On March 15, 2021, China’s State Administration for Market Regulation (“SAMR”) issued Measures for the Supervision and Administration of Online Transactions (the “Measures”) (in Chinese). The Measures implement rules for the E-commerce Law of China and provide specific rules for addressing registration of an online operation entity, supervision of new business models (such as social e-commerce and livestreaming), platform operators’ responsibilities, protection of consumers’ rights and protection of personal information.

Continue Reading China Issues the Measures for the Supervision and Administration of Online Transactions

On March 26, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its comments on the Irish Data Protection Commissioner’s (“DPC”) draft guidance on safeguarding the personal data of children when providing online services, “Children Front and Centre—Fundamentals for a Child-Oriented Approach to Data Processing” (the “Draft Guidance”). Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

On March 15, 2021, the state Data Protection Authority of Bavaria (“Bavarian DPA”) declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine (acting as controller) in Bavaria impermissible due to non-compliance with Schrems II mitigation steps in relation to the transfer of e-mail addresses to Mailchimp in the U.S.

Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures