Topics Internet Law Update

GDPR Notice and Consent Compliance Implications on the AdTech Industry and Beyond

The French data protection authority (Commission Nationale de l'informatique et des Libertés – CNIL) recently published a warning it issued to the French AdTech company Vectaury, that collects and processes geolocation data for targeted advertising purposes through an SDK that is integrated into third party mobile applications.

The CNIL’s warning to Vectaury reveals detailed information about the EU privacy regulators’ ...

UK Privacy Regulator Issues Guidelines on Passwords and Encryption under GDPR

The UK Information Commissioner’s Office (ICO) – the UK privacy regulator – issued new information security guidelines on encryption methods and passwords, within its guide to the General Data Protection Regulation (GDPR). 

The GDPR does not particularize what security measures organizations are required to implement in order to comply with the obligation to process personal data securely. The ICO’s guidance ...

Draft Guidelines on the Extra-Territorial Scope of the GDPR

The European Data Protection Board (EDPB) – the panel of EU privacy regulators – has published long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR). The draft guidelines explain that according to Article 3 of the GDPR, the GDPR’s applicability is triggered into effect on one of two criteria – the “establishment” criterion and the “targeting” ...

New Exemptions to the Prohibition on Circumvention of Technological Measures

 The US Copyright Office has codified new exemptions to section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits circumventing technological measures used to prevent unauthorized access to copyrighted works. 
Software and its copyright-protected code are an integral part of most devices. Device manufacturers argued that breaking the software locks as part of replacing parts or modifying devices is ...

Israeli Securities Authority Clarifies Cyber-related Disclosure Requirments

The Israeli Securities Authority (ISA) has issued an opinion stating its intention to clarify existing disclosure requirements concerning cyber related risks. The new requirements aim to increase the awareness of publicly traded companies to such risks and their reporting obligations in cases of cyber incidents. 
The opinion focuses on disclosure requirements in companies’ Prospectus or Periodic Report, and immediate disclosures during ...

US Securities Commission Requires ICO Companies to Register Tokens as Securities

The United States Securities and Exchange Commission (SEC) has settled charges against two companies for not registering their Initial Coin Offerings (ICO) of digital tokens as securities pursuant to the federal securities laws. 

These settlements are part of the first enforcement proceedings brought by the SEC that impose civil penalties on companies solely for ICO securities registration violations. Previous cases ...

Challenges to AI Medical Research Under Privacy Laws

The Israeli Ministry of Health – backed up by government decision no. 3709 of March 25, 2018 – announced a national program to promote digital health. It is a highly ambitious plan, that relies heavily on using patients' health records as accumulated during the last 30 years in Israel and recorded in medical databases from various resources – clinical data, ...

Joint Statement by Regulators On EU-US Privacy Sheild

The European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, and the U.S. Secretary of Commerce, Wilbur Ross, issued a joint statement following the Second Annual EU-U.S. Privacy Shield Review, declaring the following:

  • Since its inception in 2016, nearly 4,000 companies have made legally enforceable commitments to comply with the Privacy Shield framework; 
  • The significant growth of the program ...
More from Internet Law Update