Insights

UK Privacy Regulator Publishes Draft Guidelines on 'consent' under the GDPR

The UK Information Commissioner (the British privacy regulator) has published a draft of proposed guidance on the notion of ‘consent’ under the General Data Protection Regulation (GDPR), set to take effect in May 2018. The draft guidance emphasizes that the GDPR establishes an elevated standard for consent. It requires offering individuals genuine choice and control over the collection and processing ...

EU Regulators Issue First GDPR Guidance

The panel of European national privacy regulators, known as the ‘Article 29 Working Party’, has issued its first set of substantive guidance addressing issues under the EU General Data Protection Regulation (GDPR). The GDPR, scheduled to enter into force in May 2018, constitutes a sweeping reform in the areas of data protection and data privacy. The GDPR applies not only ...

Ninth Circuit Refines the Meaning of “Without Authorization” under the Computer Fraud and Abuse Act

The United States Court of Appeals for the Ninth Circuit has recently tweaked two of its decisions from this past summer which held that access to another person’s online account, even with their permission, may in certain cases give rise to liability under the U.S. federal Computer Fraud and Abuse Act (CFAA).

The first case, United States v. Nosal, revolved ...

New York Updates Proposed Cybersecurity Regulation for Financial Institutions

Following more than 150 public comments on its original proposal for cybersecurity regulation of financial institutions, the New York State Department of Financial Services (NYDFS) has updated its proposed regulation, taking what is, generally speaking, a more lenient approach toward covered entities.
 
The updated regulation adopts a risk-based approach that gives covered entities greater flexibility in determining the cybersecurity ...

CJEU Restricts Retention of Communication Meta-Data by Telecom Providers

The Court of Justice of the European Union (CJEU) has held that EU law prohibits a general and indiscriminate retention of telecommunication meta-data. The court nevertheless held that EU states can require that telecom providers engage in targeted and limited retention of meta-data solely for the purpose of facilitating the fight against serious crime. 
 
The CJEU’s judgment was based ...

US FDA Issues Guidance on Postmarket Management of Cybersecurity in Medical Devices

The US Food and Drug Administration (FDA) has published guidance setting out its recommendations for managing postmarket cybersecurity vulnerabilities in marketed and distributed medical devices. The guidance emphasizes that manufacturers of medical devices should monitor, identify, and address cybersecurity vulnerabilities and exploits as part of their postmarket management. It urges manufacturers to implement comprehensive cybersecurity risk management programs and ...