fbpx

Download free GDPR compliance checklist!

Tag Archives for " law "

Class Actions in Belgium – the next level in GDPR enforcement

In Belgium a tangible risk now exists for collective redress actions as Belgian law contains a comprehensive – and from a European perspective – unique class action scheme in its Code of Economic Law.

Since NOYB – the non-profit organisation of activist Max Schrems – has been granted the status of ‘group representative’ by a Ministerial Decree last September 2020, this new type of private privacy watchdogs should be factored into your enforcement risk assessment.

The Belgian collective redress scheme allows a group of consumers (or SMEs) to claim, in their personal capacity, damages suffered as a result of a common cause. The causes that may be invoked concern breaches by a company of its contractual obligations or infringements of (among others) the GDPR and the Belgian cookie rules.

Source: Belgium: Class Actions in Belgium – the next level in GDPR enforcement

US Congress passes new IoT cybersecurity law

In response to high-profile data breaches and security warnings from the technology industry and independent agencies alike, members of U.S. Congress have been working for years to address security concerns involving Internet-of-Things devices.

Congress recently made significant progress toward greater IoT security in the United States when it enacted the Internet of Things Cybersecurity Improvement Act of 2020, which entered into force Dec. 4, 2020. Although the new IoT cybersecurity law focuses primarily on the procurement of IoT technology and products by the federal government, it has the potential to create a more uniform IoT security standard across the private sector.

Source: US Congress passes new IoT cybersecurity law

‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections

The “dirty methods” of the Brexit referendum have been cited as a reason for new EU laws aimed at tackling disinformation and forcing online platforms including Facebook to publicly disclose the identity of people and entities funding political adverts.

The proposals would force on-line platforms to take greater responsibility for what they publish and ensure that consumers know why they are being targeted and by whom. The commission will also look at further restricting “micro-targeting and psychological profiling in the political context” through new regulatory codes and professional standards.

Source: ‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections | European Union | The Guardian

Facebook Asks Supreme Court To Decide Whether Tracking Violates Wiretap Law

Facebook is urging the Supreme Court to take up a long-running dispute about whether tracking logged-out users via the “Like” button violates a law restricting the interception of online communications.

In a petition filed quietly last week, the social networking service argues that the battle over tracking “presents a question of critical importance” — namely, whether “certain ubiquitous practices in the technology industry involving computer-to-computer communications violate the federal Wiretap Act.”

Source: Facebook Asks Supreme Court To Decide Whether Tracking Violates Wiretap Law 11/30/2020

GDPR enforcement must level up to catch big tech, report warns

A new report by European consumer protection umbrella group Beuc, reflecting on the barriers to effective cross-border enforcement of the EU’s flagship data protection framework, makes awkward reading for the regional lawmakers and regulators as they seek to shape the next decades of digital oversight across the bloc.

Beuc’s report — which it’s called “The long and winding road: Two years of the GDPR: A cross-border data protection case from a consumer perspective” — details the procedural obstacles its member organizations have faced in seeking to obtain a decision related to the original complaints, which were filed with a variety of DPAs around the EU.

Source: GDPR enforcement must level up to catch big tech, report warns | TechCrunch

The Biden administration should push for a federal data protection law

In the United States, companies are largely not required by law to protect your personal data. There are some exceptions—certain specific types of data are regulated (health information, for instance, or data about children under 13), and the California Consumer Privacy Act, which went into effect this year, imposes some security and privacy requirements on companies collecting information about California residents.

But those piecemeal solutions do not come close to adequately addressing the huge gap at the heart of U.S. civilian cybersecurity policy: the absence of a federal data protection law. However, this could be a rare opportunity for bipartisan cooperation in Congress.

Full article: The Biden administration should push for a federal data protection law.

EU Plans New Rules Giving Europeans More Control of Data

The European Union is laying out new standards for data giving Europeans more control over their personal information as it seeks to counter the power of U.S. and Chinese tech companies.

The EU’s executive Commission on Wednesday proposed new rules on the handling of data that would aim to give people, businesses and government bodies the confidence to share their information in a European data market.

The proposed legislation would would spell out how industrial and government data – normally off limits because of intellectual property rights, commercial confidentiality or privacy rights – could be shared to help society or boost the economy. The bloc’s strict privacy rules would still apply, with mechanisms in place to preserve confidentiality or anonymity.

Source: EU Plans New Rules Giving Europeans More Control of Data | SecurityWeek.Com

EU Parliament Approves Collective Redress Directive

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers.

The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress.

Source: EU Parliament Approves Collective Redress Directive

Congress Passes IoT Cybersecurity Improvement Act of 2020

The bipartisan Internet of Things (IoT) Cybersecurity Improvement Act of 2020 has passed the House and the Senate and is headed to the President’s desk for signature.

The bill would “harness the purchasing power of the federal government and incentivize companies to finally secure the [internet-connected] devices they create and sell.”

The IoT Cybersecurity Improvement Act will require the National Institute of Standards and Technology (“NIST”) to develop minimum cybersecurity standards for internet-connected devices purchased or used by the federal government.

Source: IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020

Congress Is Eyeing Face Recognition, and Companies Want a Say

The lobbying surge coincides with the spread of local and state bans and restrictions on face recognition across the US, from Portland, Oregon, to Portland, Maine. Despite the sharp divisions and low productivity of Congress during the past four years, there’s bipartisan interest in restricting the technology in some way.

Several bills were introduced in both the Senate and House by lawmakers from both sides of the aisle in the past two years, including a recent Democratic proposal to halt federal use of the technology. Lobbying filings don’t reveal companies’ specific policy desires, but Amazon, Microsoft, and IBM have spoken in favor of restricting rather than banning the technology.

Source: Congress Is Eyeing Face Recognition, and Companies Want a Say | WIRED

>