Rosemary Jay’s Guide to the General Data Protection Regulation Released

On February 21, 2017, Sweet & Maxwell published a Guide to the General Data Protection Regulation, written by Hunton & Williams senior consultant attorney Rosemary Jay. The book was released as a companion to Data Protection Law and Practice. Continue Reading

FCC Stays Implementation of Data Security Rules

On March 1, 2017, the Federal Communications Commission (“FCC”), under the new leadership of Chairman Ajit Pai, voted 2-1 to issue a temporary stay of the data security obligations of the FCC’s Broadband Consumer Privacy Rules (the “Rules”), which were to go into effect March 2, 2017. The temporary stay will remain in place until the FCC is able to act on pending petitions for reconsideration. Continue Reading

Webinar on China’s New Cybersecurity Law

China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017. Hunton & Williams LLP will host a webinar on China’s New Cybersecurity Law on March 7, 2017, at 12:00 p.m. EST. Join Hunton & Williams partner Bing Maisog to understand the key aspects of the new Cybersecurity Law, including data localization, technology procurement, the handling of personal information, cybersecurity compliance requirements and a potential obligation to support government agencies. Bing also will discuss categories of enterprises established under the new law, sets of obligations that apply to each category, and what kinds of enterprises are likely to fall within each category.

Register for the complimentary webinar now.

CNIL Launches New Public Consultation on the GDPR

On February 23, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on three topics identified by the Article 29 Working Party (“Working Party”) in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”). The three topics are consent, profiling and data breach notification. Continue Reading

FTC Announces Settlements with Three Companies Accused of Deceiving Consumers About Participating in APEC CBPR Program

On February 22, 2017, the Federal Trade Commission announced that it had reached settlement agreements (“the Proposed Agreements”) with three U.S. companies charged with deceiving consumers about their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (“APEC CBPR”) system. The three companies are Sentinel Labs, Inc. (which provides endpoint protection software), SpyChatter, Inc. (which markets a private messaging app) and Vir2us, Inc. (which distributes cybersecurity software). In separate complaints, the FTC alleged that each company falsely represented in its online privacy policy that it participated in the APEC CBPR program (“the Program”), when in fact none of the companies have ever been certified as required by the Program. The Program requires participants to undergo a review by an APEC-recognized accountability agent, whose review certifies that participants meet the Program’s standards. The Program is based on nine data privacy principles: preventing harm, notice, collection limitation, use choice, integrity, security safeguards, access and correction, and accountability.

Continue Reading

Article 29 Working Party Clarifies Process for Resolving Privacy Shield Complaints

On February 20, 2017, the Article 29 Working Party (“Working Party”) issued a template complaint form and Rules of Procedure that clarify the role of the EU Data Protection Authorities (“DPAs”) in resolving EU-U.S. Privacy Shield-related (“Privacy Shield”) complaints. Continue Reading