Stay current on your favorite topics
The Technology Newsflash contains articles and timely updates on the latest technology, outsourcing and privacy legal issues and trends affecting businesses today. We encourage you to visit the site often as it is updated regularly. We welcome any questions about the topics covered here and those relating to our global capabilities.
Table of Contents
What follows is a useful checklist to help officers and directors adequately monitor and oversee their company's Cybersecurity Regulation compliance efforts.
The European Commission has published a draft Regulation regarding cookies and electronic direct marketing. EU regulators have publicly welcomed the proposal, which has potentially significant consequences for all businesses that engage in online commerce or electronic direct marketing.
The U.S. International Trade Administration will begin accepting self-certifications for the Swiss-U.S. Privacy Shield on Wednesday, April 12th. While rooted in the same principles as the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield contains several distinctions and important requirements for organizations seeking to transfer Swiss personal data to the United States.
The Article 29 Working Party has released new procedural documentation regarding Privacy Shield and individuals' complaints about misuse of their personal data. This comes against a backdrop of concern that a recent US Presidential Order may undermine certain protections offered by Privacy Shield.
The UK Information Commissioner's Office has issued fines to two businesses for unlawfully sending emails to individuals to ask about their marketing preferences. These cases emphasise the fact that "marketing" in this context is a very broad concept, and is not limited to sales and promotional activities.
The English Court of Appeal has ruled in two recent cases that subject access requests are generally valid, and businesses must comply with such requests, even if they are made for collateral purposes, such as collecting information for use in litigation. However, the court also clarified that the subject access regime only requires businesses to conduct a reasonable and proportionate search – not an exhaustive search.
The English Court of Appeal has confirmed in a recent case that data protection claims may be brought hand-in-hand with defamation claims. The case provides a reminder to businesses that the use of data protection as a weapon in litigation is growing ever more commonplace.
As discussed in our March 1, 2017 update, the New York Department of Financial Services ("NYDFS") issued final regulations that require New York banks and insurance companies, as well as other financial services companies that are supervised by the NYDFS—including New York state-licensed branches and agencies of non-US banks—to establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York's financial services industry ("Cybersecurity Regulations").
Understand what's required under NY State's first-of-its kind cybersecurity regulation, and why their divergence from a cost-benefit approach to cybersecurity risk assessment is raising questions.
Subject Access Requests ("SARs") are an increasingly popular weapon in litigation, because they can be used to provide a cheap and quick form of pre-action disclosure. However, courts have confirmed that information subject to legal professional privilege ("LPP") does not need to be disclosed in response to a SAR, unless the person making the SAR has a "prima facie case" that the party relying on LPP is doing so to hide some form of wrongdoing.
This newsflash considers trends and developments in data privacy and cyber security in the wider global macroeconomic, political and social context.
The Court of Justice of the European Union has declared that IP addresses are personal data in many circumstances – but were the right questions asked, and will the GDPR change the outcome?
The EU's Article 29 Working Party has published new Guidelines on the role of Data Protection Officers under the General Data Protection Regulation. Data Protection Officers are seen as a cornerstone of data protection compliance, and many businesses will be subject to a mandatory obligation to appoint a Data Protection Officer.
[Back to Table of Contents]
Search for financial technology (fintech)
Search for EU GDPR (European Union General Data Protection Regulation)
Search for EU-US Privacy Shield
All Technology Newsflash publications and events
[Back to Table of Contents]
Investigatory Powers Act 2016 cast into doubt by new EU ruling
Further Challenges to EU-US Privacy Shield and EU Data Exports
Investigatory Powers Act 2016 becomes law
New DMCA Exemption Allows Consumers to Hack Their Own Vehicles
Cybersecurity Guidelines for Vehicles
Businesses can refuse Subject Access Requests made for the dominant purpose of litigation
UK to implement GDPR regardless of Brexit
Disclosing personal data – new protections for regulated sector firms?
FCC Adopts Privacy Regulations for Broadband Internet Service Providers
EU-US Privacy Shield challenged
Court confirms that IP addresses are personal data in some cases
UK ICO recommends personal liability of directors for breaches of data protection law
Electronic Frontier Foundation brings suit over anti-circumvention provisions in the DMCA
New York's New Cybersecurity Rules: What Is Required?
UK ICO issues largest ever fine for a data breach
Accelerating the autonomous vehicle revolution
The European Digital Single Market Strategy and Related Copyright Law Implications: The Status Quo
New York Regulators Propose Stricter Cybersecurity Rules
EU: Injunctions against intermediaries available also in the offline world
EU-US Privacy Shield: How to Certify
Federal Circuit Expanding Interpretation of Step Two of the Test for Patent Eligibility
European Court of Justice Strengthens Rights of Authors, Performers and Phonogram Producers
Unlocking the EU General Data Protection Regulation
EU-US Privacy Shield approved
Japan Patent Act Amendment: How to Compensate Inventors Now?
Federal Circuit Provides Guidance on Patent Eligibility Determination
US Supreme Court affirms Federal Circuit on IPR Claim Construction Standard and that IPR Institution Decisions are Final and Non-appealable
Online Traders: New Obligation in EU for Provision of Link to Online Dispute Resolution (ODR) Platform
New threats to transatlantic data flows as Model Clauses come under fire
New Players – Old Rules? The Current Debate on the Regulation of OTT Services in the EU and Germany
Car Wars: The Car of the Future—Legal Aspects in a Connected World
Strict and far-reaching new EU data protection regime comes into force
FCC Proposes Formal Privacy Regulations for Broadband ISPs
IP addresses may be subject to EU data protection laws
Defend Trade Secrets Act: A New Era in Intellectual Property Protection
GDPR published – Enforcement begins on 25 May 2018
Employers vicariously liable for data breaches caused by rogue employees
English court compels investigators to disclose information on data protection grounds
UK 'regulatory sandbox' to foster fintech innovation
Significant concerns from EU Data Protection Authorities may delay the EU-US Privacy Shield
European Parliament approves new EU data protection law
TC Heartland Challenges the Status Quo on Patent Venue
Timeline for new EU-US data transfer mechanism becomes clearer
NHTSA Reflects Willingness of US Regulatory Authorities to Embrace Autonomous Vehicles
No consensus on Privacy Shield following debate on adequacy
France anticipating the GDPR
FTC Settles with Data Brokers in Sale of Consumer Data Used for Illicit Purposes
New deal for transferring personal data from the EU to the US moves a step closer
Bărbulescu v. Romania clarifies an employers' rights to monitor the contents of their employees' private electronic communications
EU Regulatory Agendas: EDPS Priorities 2016 and Article 29 Working Party Work Programme 2016 – 2018
New restrictions on disclosures of personal data to non-EU courts will not apply in the UK
New WP29 Opinion on the application of EU data protection law to non-EU businesses
Safe Harbor is dead, long live Safe Harbor!
International Data Privacy: How to Navigate the Challenges
Texas Takes a Stance Against Patent Trolls
FTC and Wyndham Settle Suit Regarding Wyndham's Alleged Cybersecurity Failures
New EU Directive on the Protection of Trade Secrets to Come
UK and EU Law Enforcement Investigatory and Data Sharing Powers: Developments and International Impact
[Back to Table of Contents]
Introduction of new EU General Data Protection Regulation: final stages
EU-wide cybersecurity rules nearing final agreement
The self-driving car – a new legal frontier?
ITC Proposed Amendments to Section 337 Rules
Update 'EU-US Safe Harbor': Statement from the Article 29 Working Party
European Court of Justice invalidates 'EU- US Safe Harbor' pact
Trade Secrets Protection Bill Pending Before the Senate and Judiciary Committee
Transfer of Personal Data Under Japan's Amended Personal Information Protection Act
Court Invalidates Patent Claims After Refusing to Correct Alleged "Typos"
New French Act on Intelligence Services: Impacts on Technical Operators
Telemedicine or just a gadget for fitness addicts? Mobile Health Apps and the law
Europe's Highest Court Recently Delivered a Judgment Imposing Affirmative Duties on SEP Holders
Germany rolls out IT Security Act
Mobile health apps: Are they a regulated medical device?
Disparaging Trademarks and the Constitutionality of Refusing Registration Under the Lanham Act
Rejection of Oracle's claims for copyright infringement against one of its users and condemnation of the practice of aggressive audits
After Sales-Service: Don't Be Misled! — European Court of Justice Rules: Erroneous Information Provided by an Undertaking to a Consumer in the Context of After-Sales Service Is a Misleading Commercial Practice
A significant milestone in the path towards the adoption of the General Data Protection Regulation
House Committee Advances Patent Reforms Aimed to Curb Patent Litigation Abuses
Good-Faith Belief of Invalidity No Longer a Shield for Induced Infringement Claims
Free Wi-Fi: German Court Seeks Clarification in Luxembourg
Copyright levies on memory cards for mobile phones: another landmark decision from the CJEU (Case C-463/12)
House Passes Cyber Sharing Bills and Congress is Focusing on Data Protection
Council of Europe: Recommendation on the Processing of Personal Data in the Context of Employment
IBM sentenced to pay 6.5 million as contractual damages
Update: Germany's Draft Bill on IT Security
White House Re-Introduces Consumer Privacy Bill of Rights Act
The Supreme Court's New Standard of Appellate Review for Claim Construction
The case law of the German courts of lower instance for patent law and utility model law since the year 2013
President Obama Issues Executive Order on Cybersecurity Information Sharing
UPDATE: German Government Proposes New Law Entitling Consumer Protection Organizations to Enforce Data Protection Law
Developments in Privacy and Cybersecurity Legislation
EU Data Protection – Proposal on Co-Operation Procedure to Harmonize Common Opinions on Contractual Clauses
SDNY Clarifies Scope of Contractual Exclusions of Consequential Damages Under New York Law
[Back to Table of Contents]
The Use of First and Last Names as Meta Tags is not Subject to the French Data Protection Act
Are Dynamic IP Addresses "Personal Data"? German Federal Court of Justice seeks advice from the European Court of Justice
California Passes New Data Protection Laws, Effective January 1, 2015
AIPPI's resolution on "IP Licensing and Insolvency": Will this re-ignite legislative initiatives in Germany?
Align by Design: Global Privacy Authorities Weigh in on the Internet of Things
California Passes Student Data Privacy Law
Federal Court Rules Business Method Patent Invalid Post-Alice
Recent Amendments to the Procedure of Personal Data Processing in Russia
Adoption of a new European legal framework applicable to cross-border electronic identification and e-signatures
Massive Online Security Breach – Are You Reactive or Proactive?
The revised PSI Directive – European Commission publishes guidelines on re-use of public sector information
Germany's Draft Bill on IT Security
UPDATE: Germany to Tighten Data Protection Laws: Consumer Protection Associations and Trade Associations shall be Granted Right to take Businesses to Court
Supreme Court Rules Abstract Ideas Implemented on Computer Not Patent-Eligible
New York AG Reports that Data Breaches Cost New York Businesses over $1B Last Year
European Commission's Actions to Better Protect and Enforce Intellectual Property Rights
Supreme Court Issues Ruling on Aereo and the Public Performance Right
German Federal Court of Justice Decides on Deletion of Unused Domains and Typosquatting
Fees for Recording IP Security Agreements with the USPTO and USCO
How does French case law deal with bundled software?
California AG Provides Important Guidance on Do-Not-Track Legislation and Disclosures
Copyright Holders Cannot Prevent Links to Freely-Available Content from Being Posted Online
Second Circuit Adopts Plaintiff-Friendly "Discovery Rule" for Copyright Infringement Claims
EU Data Protection – Draft Ad hoc contractual clauses "EU data processor to non-EU sub-processor"
New Bill Would Create a Private Right of Action for Targets of Trade Secret Misappropriation under Federal Law
FCC Warns ISPs May be Regulated as Utilities
Biotronik A.G. v. Conor Medsystems: Be Sure to Expressly Exclude Lost Profits in Drafting New York Law Contracts
Supreme Court Issues Two "High-Octane" Decisions to Address Abusive Patent Litigation Practices
3D Printing—implications on Intellectual Property Rights ("IP rights")
In for a Penny, in for a Pound
Germany's Draft Bill on Combating Late Payment in Commercial Transactions: Potential Consequences for Businesses on Both the Legal and Operational Level
EU High Court Strikes Down Data Retention Law
Cloud Services and Export Control: What You Don't Know Can Hurt You
Anti-Patent Troll Legislation: What is Proposed and What it Could Mean
CNIL Expanded Investigative Powers
Intent-to-Use Trademark Applications and Security Agreements
The Garcia v. Google Controversy and What It Means for Content Owners and Users
Germany to Tighten Data Protection Laws: Consumer Protection Associations shall be Granted Right to take Businesses to Court
Intellectual Property Infringement on the Internet: What Court to Call?
California's Shine the Light Law: A Heightened Pleading Requirement
NIST Issues Cybersecurity Framework
How to Secure Information Systems: The Growing Complexity of the Legal Landscape
Do Not Forget to Lock the Backdoor: Adopting a Holistic Approach to Cybersecurity
Study of the European Parliament on the Protection of Creator's Rights in a Changing Environment
Old Law, New Fit: Evergreen Notice Requirements for IP Service Agreements
Know Your Subcontractors: Recent FTC Settlement Highlights the Importance of Validating Subcontractor Data Protection Practices
US Supreme Court to Review Indefiniteness Standard under Section 112 of the Patent Act
FTC Settles U.S.-E.U. Safe Harbor Complaints Against Twelve Companies
EU Copyright Rules – Changes on the horizon?
Trademark Infringement by Use of AdWords? Legal Risks by Using AdWords Despite European Court of Justice (ECJ) Rulings
Distributing Earnings Call Information to the Public Is Fair Use
The Proposed Directive on Trade Secrets in the EU
The Case Law of the German Courts of Instance (Instanzgerichte) for Patent Law and Utility Patent Law Since the Year 2011
Addition of "No-Charge" Limitation During Prosecution Costs Inventor His Patent
French Courts Ordered to Block and Delist 16 Streaming Websites
[Back to Table of Contents]
Federal Judge Rules NSA Data Collection Program Is Likely Unconstitutional
Major Changes to Defamation Law in the UK to Take Effect 1 January 2014
"Perfecting" Security Interests in United States Patents, Trademarks and Copyrights
Hacking Back: For Now, Be Vigilant Rather Than a Vigilante
Prospects on Germany's Digital Landscape in the Next Four Years: What Does the Coalition Agreement Say on Technology?
Big Data: The Big Picture
Changes in Consumer Law for Distance Contracts in the EU
E-Commerce: Consider the Enhanced Consumer Protection Clauses
Software License Audits – How to prepare, how to react
FTC Denies Application for Proposed Social Network-Based COPPA Consent Verification
In Sourcing and Licensing Agreements Governed by New York Law, Think Twice About a Gross Negligence Carve-out to a Limitation on Liability
The Landgericht Düsseldorf’s (Düsseldorf District Court) decision to refer "LTE standard"
Securing Patent Value for Israeli Medical Technology Companies
CLS Bank v. Alice Corp. Further Muddies §101 Patent Eligibility
Federal Legislation Introduced Regarding Mobile Application Privacy
State court ruling creates new uncertainty for DMCA safe harbors
ECJ dismisses Spanish and Italian challenge to EU-wide unitary patent system, but obstacles remain
The Trademark Clearinghouse: What You Need to Know
Federal Circuit Announces Review of Appellate Standard for Claim Construction
Supreme Court Interprets Copyright "First Sale" Doctrine
Congress Takes Action to Allow Unlocking of Mobile Phones
FTC Announces Settlement with Social Networking App and Issues Staff Report Regarding Mobile Device Privacy Disclosures
President Obama Issues New Executive Order on Improving Cybersecurity
New HIPAA Rule Imposes Data Security and Privacy Obligations Directly Upon Vendors and Contractors of Covered Entities
U.S. Department of Health and Human Services Announces First HIPAA Breach Settlement Involving Fewer than 500 Patients
Amendments to the Economic Espionage Act Broaden Trade Secret Protection
FTC Amends COPPA Rule and Previews Future Enforcement Policies
[Back to Table of Contents]
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2017 White & Case LLP