Names and Email Addresses Constitute a Database Subject to Israeli Data Protection Law

The Privacy Protection Authority (PPA) – Israel's regulatory and enforcement authority for personal data – has published a public statement laying out the PPA’s interpretation of the Israeli Privacy Protection Law regarding email addresses.

The statement discusses whether a list containing merely names and email addresses is considered a "Database" under the Israeli Privacy Protection Law. The PPA's position is ...

Challenges to AI Medical Research Under Privacy Laws

The Israeli Ministry of Health – backed up by government decision no. 3709 of March 25, 2018 – announced a national program to promote digital health. It is a highly ambitious plan, that relies heavily on using patients' health records as accumulated during the last 30 years in Israel and recorded in medical databases from various resources – clinical data ...

GDPR Notice and Consent Compliance Implications on the AdTech Industry and Beyond

The French data protection authority (Commission Nationale de l'informatique et des Libertés – CNIL) recently published a warning it issued to the French AdTech company Vectaury, that collects and processes geolocation data for targeted advertising purposes through an SDK that is integrated into third party mobile applications.

The CNIL’s warning to Vectaury reveals detailed information about the EU privacy regulators’ ...

UK Privacy Regulator Issues Guidelines on Passwords and Encryption under GDPR

The UK Information Commissioner’s Office (ICO) – the UK privacy regulator – issued new information security guidelines on encryption methods and passwords, within its guide to the General Data Protection Regulation (GDPR). 

The GDPR does not particularize what security measures organizations are required to implement in order to comply with the obligation to process personal data securely. The ICO’s ...

New Exemptions to the Prohibition on Circumvention of Technological Measures

 The US Copyright Office has codified new exemptions to section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits circumventing technological measures used to prevent unauthorized access to copyrighted works. 
Software and its copyright-protected code are an integral part of most devices. Device manufacturers argued that breaking the software locks as part of replacing parts or modifying devices ...

Draft Guidelines on the Extra-Territorial Scope of the GDPR

The European Data Protection Board (EDPB) – the panel of EU privacy regulators – has published long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR). The draft guidelines explain that according to Article 3 of the GDPR, the GDPR’s applicability is triggered into effect on one of two criteria – the “establishment” criterion and the “targeting” ...

US Securities Commission Requires ICO Companies to Register Tokens as Securities

The United States Securities and Exchange Commission (SEC) has settled charges against two companies for not registering their Initial Coin Offerings (ICO) of digital tokens as securities pursuant to the federal securities laws. 

These settlements are part of the first enforcement proceedings brought by the SEC that impose civil penalties on companies solely for ICO securities registration violations. Previous ...