On April 1, 2021, California’s Supreme Court ruled unanimously that the state’s prohibition on recording calls without consent applies to parties on the call and not just third-party eavesdroppers. Writing for the Court, Chief Justice Tani G. Cantil-Sakauye wrote that California’s penal code “prohibits parties as well as nonparties from intentionally recording a communication transmitted between a cellular or cordless phone and another device without the consent of all parties to the communication.”
Continue Reading California Supreme Court Requires All-Party Consent to Record Phone Calls

On March 25, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth organized an expert roundtable on the EU Approach to Regulating AI–How Can Experimentation Help Bridge Innovation and Regulation? Roundtable panelists explored how methodologies, such as policy prototyping and regulatory sandboxes, can help create the right rules and frameworks and interpret them constructively for regulating AI in a way that enables responsible innovation and risk mitigation.
Continue Reading CIPL Organizes Webinar on EU Approach to Regulating AI and Regulatory Experimentation

On April 1, 2021, the Supreme Court issued its long-awaited opinion in Facebook, Inc. v. Duguid et al., No. 19-511 (Apr. 1, 2021). At issue in Facebook, was the question of what technology constitutes an “automatic telephone dialing system” within the meaning of the Telephone Consumer Protection Act, 47 U.S.C. §227 et seq. The Supreme Court’s unanimous decision is a huge win for companies who communicate with their consumers by telephone/text message.
Continue Reading Supreme Court Adopts Narrow Interpretation of ATDS

China’s State Administration for Market Regulation has recently issued Measures for the Supervision and Administration of Online Transactions. The Measures implement rules for the E-commerce Law of China and provide the specific rules for addressing registration of an online operation entity, supervision of new business models (such as social e-commerce and livestreaming), platform operators’ responsibilities, protection of consumers’ rights and protection of personal information.
Continue Reading China Issues the Measures for the Supervision and Administration of Online Transactions

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

The Cyberspace Administration of China has released Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications.” The Provisions generally are consistent with the draft version previously issued for public comments on December 1, 2020 and include additional details, as well as new provisions relating to ticketing applications (e.g., those for purchasing seats at performances).
Continue Reading China Issues Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications”

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on examples regarding data breach notification. CIPL welcomes the Guidelines which come at a time at which cyber attacks are surging as a result of the move to remote working triggered by the COVID-19 crisis, and should help organizations avoid over-reporting.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification