On February 22, 2018, the Federal Trade Commission (“FTC”) published a blog post that provides tips on how consumers can use Virtual Private Network (“VPN”) apps to protect their information while in transit over public networks. The FTC notes that some consumers are finding VPN apps helpful in protecting their mobile device traffic over Wi-Fi networks at coffee shops, airports and other locations. Through a VPN app, a user can browse websites and use apps on their mobile devices, still shielding the traffic from prying eyes as it transmits via public networks.

Continue Reading FTC Issues Tips on VPN Apps

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification will come into effect on May 1, 2018. The Specification is voluntary, but could become influential within China because it establishes benchmarks for the processing of personal information by a wide variety of entities and organizations. In effect, the Specification constitutes a best practices guide for the collection, retention, use, sharing and transfer of personal information, and for the handling of related information security incidents. Continue Reading China Releases National Standard on Personal Information Security

On December 21, 2017, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) aimed at expanding mandatory reporting obligations in relation to cybersecurity incidents. In particular, FERC’s NOPR would direct the North American Electric Reliability Corporation (“NERC”) to develop modifications to certain Critical Infrastructure Protection (“CIP”) Reliability Standards so that those standards require mandatory reporting of cybersecurity incidents that compromise or attempt to compromise a responsible entity’s Electronic Security Perimeter (“ESP”) or associated Electronic Access Control or Monitoring Systems. Continue Reading FERC Issues Notice of Proposed Rulemaking Aimed at Expanding Data Breach Reporting Obligations

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”). Noting the ubiquity of connected cars and the rapidity of the industry’s evolution, the officials voiced their collective concern about potential risks to consumers’ data privacy and security. The Guidance identifies as its main concern the lack of available information, user choice, data control and valid consent mechanisms for consumers to control the access to and use of their vehicle and driving-related data. Building on existing international guidelines and resolutions, the Guidance urges the automobile industry to follow privacy by design principles “at every stage of the creation and development of new devices or services.”

Continue Reading Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

On April 4, 2017, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Proposed Regulation of the European Commission for the ePrivacy Regulation (the “Proposed ePrivacy Regulation”). The Proposed ePrivacy Regulation is intended to replace the ePrivacy Directive and to increase harmonization of ePrivacy rules in the EU. A regulation is directly applicable in all EU Member States, while a directive requires transposition into national law.  Continue Reading Working Party Adopts Opinion on Proposed ePrivacy Regulation

The State Administration for Industry and Commerce of the People’s Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers (the “Draft”) for public comment. The draft is open for comment until September 5, 2016.

Continue Reading China’s State Administration for Industry and Commerce Publishes Draft Regulations on the Protection of Consumer Rights

On July 25, 2016, the Article 29 Working Party (the “Working Party”) and the European Data Protection Supervisor (“EDPS”) released their respective Opinions regarding the review of Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”). Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation (“GDPR”). Continue Reading Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

In a recently published decision, the Belgian Court of Cassation confirmed the broad interpretation given to the “right to be forgotten” by a Belgian Court of Appeal (i.e., Cour d’Appel de Liège, 2013/RG/393, September 25, 2014).

The judgment was rendered in a case initiated by an individual against a Belgian newspaper for not complying with a request to remove from its online archives an article from 1994 regarding a car accident causing the death of two persons in which the individual was involved.

Continue Reading Belgian Court of Cassation Rules on Right to Be Forgotten

After much debate, the final version of the EU General Data Protection Regulation (“GDPR”) is expected to be adopted by the European Parliament this week and to take effect in early 2018. The GDPR will significantly change EU data protection law in several areas, affecting all businesses in the energy, financial, health care, real estate, manufacturing, retail, technology and transportation industries, among others. To assist in-house lawyers and privacy professionals with understanding the new GDPR and planning ahead for implementation, Hunton & Williams’ Privacy and Cybersecurity practice lawyers have released The EU General Data Protection Regulation, a Guide for In-House Lawyers covering these strategic areas: Continue Reading Hunton Releases 2016 EU General Data Protection Regulation Guide for In-House Lawyers