On September 30, 2018, the DOJ filed net neutrality lawsuit against the State of California, alleging that Senate Bill 822, a bill signed into law by Governor Jerry Brown, unlawfully imposes burdens on the Federal Government’s deregulatory approach to the Internet. See more here. complaint here Francesca Giannoni-Crystal

Privacy needs to be reckoned with by “Advanced TV” industry. And this will be more and more the case. According to the press, marketers are investing more and more in advanced TV targeting. Rather than broadcasting the same ad to all households, advanced televisions serve targeted ads to each household. The term “advanced TV” is […]

On October 10, 2018, the Portuguese Data Protection Authority (CNPD) found the Barreiro Hospital guilty of violating the integrity and confidentiality principle and the data minimization principle set forth by the GDPR. According to this source, the infringements were punished with a fine of €400,000. The hospital is going to fight the fine, this source […]

On November 1, 2018, Senator Ron Wyden introduced for discussion the draft of a new Consumer Data Protection Act (Bill SIL18B29). The Bill aims at allowing consumers “to control the sale and sharing of their data, gives the FTC the authority to be an effective cop on the beat, and will spur a new market […]

On October 3, 2018, the European Parliament published a resolution on distributed ledger technologies (DLTs) and blockchain. DLTs and blockchain are the technologies behind bitcoin and other crypto currencies, and basically consist in a ledger of digital information maintained in decentralised form across a large network of computers. See here for more information. The EU […]

On October 18, 2018, the Federal Trade Commission (FTC) published – along with Department of Homeland Security, the National Institute of Standards and Technology, and the Small Business Administration – guidance for small businesses on how to deal with cyber threats and increase data security. The FTC highlighted a dozen need-to-know topics: Cybersecurity Basics, Understanding […]

On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation does not […]

On October 16, 2018, the European Union Blockchain Observatory and Forum published a thematic report on the Blockchain and the GDPR (“Report”). The report includes the input of a number of different stakeholders and sources. The report aims at answering the question of whether GDPR compliant blockchain is possible. The paper highlights a fundamental point: […]

On September 26, 2018, the European Data Protection Board (EDPB) met for their third plenary session. During such session the EDPB adopted Guidelines on the GDPR’s Territorial Scope. The guidelines will be subject to a public consultation. The Guidelines aim at clarifying the territorial scope of the GDPR, in particular where the data controller or […]

Do the benefits of smart contracts overwrite their downfalls? While smart contracts bring a lot of benefits, allowing for a quick execution once a certain condition takes place, a lot of value can get lost in these transactions. For example, it is estimated that in 2017, over $1B in value was lost with smart contracts […]

In September 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published a report explaining how Blockchain relates to the GDPR (“Report”). In particular the Report highlights the following. WHO IS THE CONTROLLER IN A BLOCKCHAIN TRANSACTION. Users of the web who decide to submit a transaction to the validation […]

In August, the FTC took action against false claims of participating to the EU-US Privacy Shield Framework. These are the first cases addressing the Privacy Shield Framework introduced on July 12, 2016. Allegedly, the companies under investigation started the application for the EU-U.S. Privacy Shield but never completed it; yet they falsely claimed to be […]

The EDPB adopted opinions on the draft lists that several supervisory authorities issued regarding he processing operations subject to the requirement of a data protection impact assessment (DPIAs, according to Article 35.4 GDPR). This power of EDPB is pursuant to Article 63, Article 64 (1a), (3) – (8) and Article 35 (1), (3), (4), (6) […]

After only three months from its approval the California Consumers Privacy Act (CCPA) was amended. On September 23, 2018 Senate Bill 1121 was signed into law. The legislation, which takes effect immediately, amends the CCPA, which was passed on June 2018. Among other things, the amendment: – clarifies the definition of “personal information”, explaining that it […]

Aon and DLA Piper released a “price of data security” report on where GDPR’s fines are generally insurable. According to the guide, only Finland and Norway allow insurance for this type of fines. In 20 out of 30 jurisdictions, GDPR fines do not seem insurable (like in UK, France, Italy and Spain), and in the […]

Attorney General Schneiderman announced that his office received 1,583 data breaches notice in 2017, which was the quadruple of the 2016 number. Hacking was the leading cause of the data security breaches (44%), while  negligence account for another 25% of breaches. In particular Employees’ negligence consisted of a combination of inadvertent exposure of records, insider wrongdoing, […]

On September 20, 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it reached settlement with several medical centers after they allegedly compromised patients’ protected health information (PHI) by inviting film crews on premises to film an ABC’s television documentary series, without first obtaining authorization from patients. According to […]

On September 19, 2018, Argentina’s president sent a data protection bill to the national Congress for approvaI. In Argentina the protection of personal data was constitutionally regulated in 1994 and by means of a law promulgated in 2000. See here. According to the bill’s preface, in consideration of the many technological innovations of the last […]

     On July 6, 2018, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served what looks like the first enforcement notice regarding the processing of UK individuals’ personal data by a nonresident organization. The notice was directed to Aggregate IQ (AIQ), a digital advertising, web and software development company based in Canada. […]

On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]

On September 11, 2018, the Court of Justice of the European Union (CJEU) began hearing evidence from over 70 stakeholders in the case whose judgement shall outline the territorial scope of the right to be forgotten. The panel of 15 CJEU judges will rule in 2019. The request for a preliminary ruling (Case C-507/17) was […]

On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018). The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with […]

On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]

CJEU: in the references for preliminary rulings the national judge must anonymise the data   On July 20, 2018, the Official Journal of the European Union (C 257/1) published a document in which the European Court of Justice (“ECJ”) clarifies to national courts and tribunals the essential characteristics of the preliminary ruling procedure and the […]

On May 22, 2018, Vermont passed a new data broker piece of legislation, Act No. 171 (H.764), which adopts a number of consumer protection provisions relating to data brokers, their data collection practices, and consumers’ right to opt out of them. It ensures that data brokers have adequate security standards, it aims at prohibiting the […]

On August 14, 2018, the Brazilian president signed the Lei Geral de Proteção de Dados Pessoais (“LGPD”) into law. The LGPD is a comprehensive data privacy regulation, which has many similarities with the GDPR, such as for example its broad scope of application, which includes processing activities conducted wholly outside of Brazil, but affecting or […]

On August 8, 2018, the Italian Government communicated that the legislative decree that harmonizes the national legislation to the General Data Protection Regulation (GDPR) will not abrogate the Italian Privacy Code previously in force. According to an initial formulation, the legislative decree was intended to completely repeal the privacy laws in force. However, in the […]

On May 31, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA) issued a decision explaining that until a legislative decree that harmonizes domestic law with the GDPR will come into force, the current complaint procedure shall be considered incompatible with the Regulations. The DPA refers to Article 77, GDPR, […]

At the beginning of June the EU Council discussed its position on the ePrivacy Regulation to update privacy rules for electronic communications. It appears like no real progress was registered at the Council meeting and that further work is needed under the next presidency (June to December 2018). The ePrivacy Regulation aims at ensuring a […]

On June 5, 2018, the European Court of Justice (CJEU), issued its preliminary ruling in C‑210/16, opining on the definition of data controller, applicable national law, and jurisdiction under EU data protection law according to Directive 95/46/EC. According to the CJEU’s judgement, EU companies that have been advertising through Facebook can be considered data controllers […]

The scandal of Cambridge Analytica caused several consequences for Facebook in Europe. In the United Kingdom, the Information Commissioner (ICO) is investigating the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors by 30 organizations, including Facebook. See here. The Working Party 29(WP29) created a Social Media Working Group to develop a […]

According to Reuters, Facebook is modifying its terms and conditions so that the data of around one and a half billion of its users will be processed by Facebook USA rather than Facebook Ireland. As of today, the data of the users of Africa, Asia, Oceania and Latin America are processed by Facebook Ireland, thus […]

Arizona signed House Bill 2603 to add a definition in Section 10-140, Definition – Arizona Revised Statutes (Section 10, Corporations and Associations) In particular, now 10-140(53) reads: 53.  “WRITING” OR “WRITTEN” INCLUDES BLOCKCHAIN TECHNOLOGY AS DEFINED IN SECTION 44‑7061. See https://legiscan.com/AZ/text/HB2603/id/1718691 The definition of “blockchain technology” is contained in Section 44-7061: “distributed ledger technology that uses a distributed, […]

Less than one month to the entering into force of the GDPR, the text (in all language versions) is still subject to changes, sometimes significantly. http-::data.consilium.europa.eu:doc:document:ST-8088-2018-INIT:en:pdf For more information and for advice on GDPR implementation, Francesca Giannoni-Crystal.    

Several DPAs have issued guidance on how individuals can exercise their rights as data subjects vis-a-vis social media platforms. See for example: – ICO – United Kingdom: https://ico.org.uk… – Data Protection Commissioner – Ireland: https://dataprotection.ie… – Croatian Data Protection Agency: request for the protection of rights request for removing personal data from social networks reporting […]

In March 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority, issued a fine of Euros 32,000 against the Rousseau association, controller of the processing of data of the website users of the Italian political party “5-Star” (Cinque Stelle). Federprivacy reports. After a data breach, the Italian DPA started investigating whether […]

Hackers stole a casino’s high-roller database hacking through a thermometer placed in a fish tank of the casino. The hackers accessed it and were then able to find their way across the network and up to the cloud to the valuable database. Source Businessinsider reports on April 15, 2018. Nowadays a lot of devices and everydaytools […]

On April 17, 2018, 34 global technology and security companies signed a Cybersecurity Tech Accord, agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro, and together represent tech companies that power the world’s internet […]

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action. On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class […]

The Federal Trade Commission (FTC) issued its 2017 Privacy & Data Security Update. The annual report summarizes the year’s privacy and data security enforcement actions, advocacy, workshops and guidance. Among the FTC’s 2017 privacy and security actions announced, is the first actions enforcing the EU-U.S. Privacy Shield framework.   The 2017 Privacy & Data Security update […]

The Italian Council of Ministers preliminarily approved a legislative decree (in furtherance of Parliament’s delegation Law October 25 2017, no. 163), containing provisions to amend domestic law in compliance with the GDPR. In fact, effective May 25, 2018, Legislative Decree June 30, 2003 no. 196 will be abrogated and the GDPR will be immediately into […]

Article 30 GDPR requires each controller and each processor to maintain a record of processing activities under its responsibility which must be in writing (including electronic form). Article 30 details the minimum content of the record. Some DPA made available model forms and notes for keeping records of processing activities: the BayLDA, the Bavarian DPA […]

In an early effort to adapt Italian privacy law to the GDP, in November 2017, a new Article 110bis was approved for introduction in the Italian Privacy Code, redrafting the discipline concerning the re-use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that […]

In, January 2018, NIST, the National Institute of Standards and Technology, released Blockchain Technology Overview.  The document is thought for readers with little or no knowledge of blockchain technology Public comment period: January 24, 2018 through February 23, 2018 Full text available here  

On January 24, 2018, the Commission issued “Stronger protection, new opportunities – Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018”. In the document the Commission lists the guidelines that the WP29 has issued (and is about to issue) on several important aspects of the Regulations. [1] […]

On January 8, 2018, the FTC announced that VTech Electronics Limited and its US subsidiary (VTech) agreed to settle with the Federal Trade Commission (FTC) a claim that the companies violated children’s privacy through the commercialization of some connected toys. Allegedly VTech violated COPPA (Children’s Online Privacy Protection Act of 1998) by collecting personal information from children […]

In this constitutional challenge to the 2013 amendments to sections 766.106 and 766.1065 of the Florida Statutes requiring claimants in a medical malpractice claim to disclose certain protected health information (PHI) and to consent to secret, ex parte interviews between health providers and defendant , the Florida Supreme Court held that the requirements were unconstitutional and […]

On October 24, 2017, Advocate General Bot issued his preliminary opinion in case C‑210/16, opining on the definition of a data controller, applicable national law, and jurisdiction under EU data protection law under Directive 95/46/EC. The opinion is not binding but if followed by the European Court of Justice (CJEU), EU companies that have been […]

In a post of January 5th, Nigel Houlden, the Head of Technology Policy of ICO (the United Kingdom Data Protection Authority) gives organizations recommendations on how to deal with Meltdown and Spectre and protect people’s personal data. As it is now well known, three connected vulnerabilities have been found in Intel’s, AMD’s, and ARM’s processors which could […]

On October 18, 2017, the EU Commission published its report on the first annual review of the EU-U.S. Privacy Shield. The report reflects the Commission’s findings on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its first year of operation. According to the EU Commission, the Privacy Shield “continues to ensure an […]

On November 29, 2017, the Working Party 29 (WP29) established a task force on the Uber data breach case. This task force, led by the Dutch DPA, will be composed of representatives from the French, Italian, Spanish, Belgian and German Data Protection Authorities (DPAs), as well as from the ICO and will coordinate the national […]

Today, on Dec 14, 2017, the Federal Communications Commission (“FCC”) voted 3-2 to repeal the 2015 Open Internet Order, i.e., the Obama-era regulation requiring the companies to treat all web traffic alike. The repeal of net neutrality was performed by the passing of an order named “Restoring Internet Freedom,” which “essentially removes the FCC as a regulator […]

On November 29, 2017, the Supreme Court heard oral argument in an important privacy case. The Sixth Circuit held that the protection granted under the Fourth Amendment did not prevent the government to access business records from the defendants’ wireless carriers revealing the user’s location without a warrant. In Carpenter v. United States Timothy Carpenter and Timothy Sanders […]

Apps using face recognition cause some privacy concerns. The iPhone X’s front sensors scan 30,000 points to make a 3D model of users’ faces and then shares the faces’ maps with lots of apps. However, Apple spokesman Tom Neumayr said “We take privacy and security very seriously. This commitment is reflected in the strong protections […]

On October 22, 2017, a Portland resident filed a lawsuit before the Portland District Court seeking class-action status against Uber over a 2016 data breach. According to the complaint, Uber announced in November 2017 a data breach that occurred in late 2016 and that compromised the personal information of 57 million Uber users. Rather than […]

On December 12, 2017, a new Article 110bis of the Italian Privacy Code came into force, redrafting the discipline concerning use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that might have harmful consequences for scientific developments. First, it restricts the possibility […]

North Carolina State Bar 2017 Formal Ethics Opinion 1   April 21, 2017 Topic: text message advertising The Opinion clarifies that lawyers may use the text message advertising that allows the user to initiate a live telephone communication, provided it complies with North Carolina Rules of Professional Conduct 7.1, 7.2, and 7.3, and all applicable federal […]

As announced (see here), on October 3, 2017, the Article 29 Working Party(WP29) published its Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR). Once a GDPR infringement is established, the competent supervisory authority (Article 5 1 GDPR)  must identify the most appropriate corrective measure(s) to address the […]

On November 20, 2017, the European Parliament, the Council and the Commission committed to end all geoblocking that unnecessarily impedes consumers to buy products or services online within the EU. The EU digital single market should “give consumers the same possibility to access the widest range of offers regardless of whether they physically enter a […]

On October 16, 2017, the U.S. Supreme Court accepted the U.S. government’s request to review a previous appeals court ruling in favor of Microsoft, preserving service providers from surrendering information stored abroad. The U.S.’s highest court had to decide if companies have a right to refuse to comply with data disclosure demands made by the […]

On October 22, 2017, the Washington Post shares a new worry about data privacy. The iPhone X’s front sensors scan 30,000 points to make a 3D model of users’ faces and then shares the faces’ maps with lots of apps. However, Apple spokesman Tom Neumayr said “We take privacy and security very seriously. This commitment is reflected […]

At its plenary meeting held in October 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so called General Data Protection Regulation (GDPR). WP29 approved the final version of the DPIA guidelines Guidelines on Data Protection Impact Assessment after having examined the comments received during the public consultation which ended […]

As anticipated (see here), a new Data Protection Bill was introduced to the House of Lords on September 13, 2017 and it officially entered Parliament on September 14, 2017. The new Bill aims at substituting the UK Data Protection Act 1998 and updating data protection laws in accordance with the GDPR. What will it change? […]

On September 11, 2017, the Spanish Data Protection Agency (AEPD) issued a closing resolution against Facebook deeming that the company doesn’t process data in accordance with EU data protection law. According to the AEPD, Facebook “collects data on ideology, sex, religious beliefs, personal preferences or browsing activity without clearly informing about how and for what purpose it will use […]

We are accustomed to high-tech breach of privacy, however we should not forget that our personal information can be appropriated also through more traditional mistakes. It happened to Aetna. The insurance giant sent by mail envelopes with a large clear window through which anyone could see the name and address of the intended recipients. Unfortunately, […]

On March 24, 2017, the Ninth Circuit Court of Appeals affirmed the District Court’s dismissal for lack of personal of plaintiffs-appellants’ claims against Yamaha Motor Corporation, U.S.A. (YMUS), in an action alleging violations of federal and state warranty law and other claims, brought by appellants who purchased allegedly defective outboard motors that Yamaha Motor Co. […]

On July 25, 2017, the New York City Bar issued Formal Opinion 2017- 5, which concludes that lawyers have a duty to protect clients’ confidential information from disclosure. This duty stretches to U.S. border agents searching electronic devices. Lawyers shall take “reasonable precautions” to avoid disclosure of clients’ confidential information. Such precautions will vary based […]

On July 21, 2017, New Jersey adopted the “Personal Information and Privacy Protection Act.” According to the law, retailers may scan an ID card only under certain circumstances. By “scanning” the law means to access the barcode or any other machine-readable section of the card “with an electronic device capable of deciphering, in an electronically […]

The right to be forgotten has been judicially recognized by the CJEU with the Google Spain judgment  (Case C-131/12). According to the judgement, Europeans have the right to disappear from search engine’s results under certain conditions. The National Commission of Information Technologies and Liberties (CNIL), Commission nationale de l’informatique et des libertés, rejected some complaints […]

On June 21, 2017, the New Jersey Advisory Committee on Professional Ethics, Committee on Attorney Advertising, and Committee on the Unauthorized Practice of Law opined that New Jersey lawyers may not participate in the Avvo legal service programs “because the programs improperly require the lawyer to share a legal fee with a nonlawyer”. The Committees […]

On June 8, 2017, Working Party 29 (WP29) issued Opinion 2/2017 on data processing at work, which makes a “new assessment of the balance between legitimate interests of employers and the reasonable privacy expectations of employees” also considering the new challenges to data protection created by new technologies. Opinion 2/2017 updates previousOpinion 08/2001 on the processing […]

On June 27, 2017, the Grand Chamber of the European Court of Human Rights (“ECHR”) issued its judgment in the case of Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland (application no. 931/13) holding that the publication of personal tax information does not violate Article 10 (freedom of expression) of European Convention on Human Rights. […]

On March 7, 2017, Reuters reported that the Danish Data Protection Agency was asked to look into Google’s alleged violation of EU privacy laws by not limiting the amount of time personal data is stored on Google’s servers. “We have become aware of the fact that Google today has 9-10 years of data on users […]

The United Kingdom DPA, the Information Commissioner Officer (ICO), published an interactive checklist fro organizations to assess  compliance with the Data Protection law and to explain how to comply the GDPR, The ICO’s toolkit includes the following topics: Data protection assurance Getting ready for the GDPR Information security Direct marketing Records management Data sharing and subject access CCTV […]

Autonomous delivery robots will be legal on Virginia sidewalks starting July 1, with approval from local city councils. Sen. Bill DeSteph introduced SB 1207 in the Virginia Senate. An identical bill, HB 2016, was introduced in the House by Del. Ron Villanueva. On June 1, 2017, Gov. Terry McAuliffe signed the bill into legislation. See here. and SB […]

On December 19, 2016, the Office of Disciplinary Counsel of the Supreme Court of Pennsylvania issued an order accepting a recommendation from the State’s Disciplinary Board to suspend an attorney for one year and one day for engaging in unauthorized practice of law. Among other counts, the Respondent allegedly maintained a LinkedIn profile representing to […]

On June 6, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2016. The DPA’s activity concentrated on computer crimes and cyber security; online profiling and social media; cyberbullying; fight against terrorism and mass surveillance; Big Data; use of new technologies […]

On June 5, 2017, the Supreme Court granted a writ of certiorari to review the decision by the Sixth Circuit holding that the protection granted under the Fourth Amendment did not prevent the government to access business records from the defendants’ wireless carriers revealing the user’s location without obtaining a warrant. In Carpenter v. United States […]

On May 11, 2017, the Spanish Data Protection Agency (DPA), the Agencia Española de Protección de Datos (AEPD) and ISMS Forum Spain, a not for profit, published a Big Data privacy code of conduct, the Código de buenas prácticas en protección de datos para proyectos de Big Data.   The Code refers to Regulation 2016/679, […]

On April 28, 2017, the Deutscher Bundestag, the German Parliament adopted the Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU – DSANPUG-EU). The Act implements in Germany the provisions of Regulation 2016/679, the General Data Protection Regulation (GDPR) . The Federal Council shall now approve the law, which will enter into force at the same time […]

The Information Commissioner Officer (ICO) published a guide discussing the use of encryption. The guide provides a range of practical scenarios highlighting “when and where different encryption strategies can help provide a greater level of protection.” Overview of the Guide: Encryption protects information stored on mobile and static devices and in transmission. It is a way […]

On April 27, 2017, the Nebraska Supreme Court ordered the suspension of an attorney from the practice of law for a period of 90 days followed by 1 year’s monitored probation. The Counsel for Discipline of the Nebraska Supreme Court filed formal charges against the attorney. According to the charges, the attorney had taken over […]

The Information Commissioner Officer (ICO) published the data sharing code of practice. The document is a statutory code, issued by the under section 52 of the Data Protection Act (meaning that the code  has been approved by the Secretary of State laid before Parliament). It is not an authoritative statement of the law but it can […]

On April 4, 2017, New York Court of Appeals ruled that it does not have authority to hear Facebook’s appeals against motions to quash search warrants issued under the Stored Communications Act (SCA). By way of background. Facebook appealed a September 17, 2013 New York County trial court’s sealed order containing bulk SCA search warrants directing […]

The Second Circuit affirmed the dismissal of a data breach class action for failing to sufficiently allege an injury to support standing. By way of background. Plaintiff made purchases via credit card at a Michaels store. Later on, Michaels issued a press release saying that there had been a possible data breach of its system, apparently […]

The National Conference of State Legislatures collected all state laws regulating unsolicited electronic mail advertising. You can find it at this  web page For more information on commercial or fraudulent electronic mail, Francesca Giannoni-Crystal     Follow us on& Like us on   

On May 11, 2017, the Administration Trump issued an executive order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The executive order contains three sections. The first section deals with cybersecurity of federal networks. Agencies shall implement the NIST framework for risk management and risk reduction, federal IT for shared services shall use the […]

The SC Bar International Law Committee, in conjunction with Trident Technical College, sponsored a free legal clinic for entrepreneurs in North Charleston on Thursday, May 18. The clinic, titled Technology and International Issues for Entrepreneurs, included information on general corporate issues, cybersecurity, cloud computing, websites, social media, contractual clauses to protect entrepreneurs, data protection, data […]

On April 24, 2017, the European Data Protection Supervisor (EDPS) released Opinion 6/2017 on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation Proposal). The EDPS welcomes the Proposal for the Regulation. There is a need of “a specific legal tool to protect the right to private life guaranteed by Article 7 […]

On May 16, 2017, the French, Belgian and Dutch members of the Data Protection Contact Group published the results of their investigations after WhatsApp issued its new privacy policy in August 2015, after joining Facebook. See here. The DPAs all over the world watched the changes closely and several EU authorities initiated national investigations to verify, […]

On May 11, 2017, the Italian Antitrust Authority (Garante della Concorrenza e del Mercato “ICA”) found that WhatsApp infringed the Italian Consumer Code. In particular, according to the ICA, WhatsApp forced the users of its service “to accept in full the new Terms of Use, and specifically the provision to share their personal data with Facebook, by […]

On December 20, 2016, the Tribunale di Roma held the unauthorized use of a digital signature smart card could nullify an electronically signed agreement. In this case the Plaintiff had denied the digital subscription of an agreement that transferred stock ownership. Since the share transfer agreement was signed electronically, the judge found that the Codice dell’Amministrazione […]

On January 24, 2017, a court of Verona (Italy) relied on the European Court of Justice’s decision in Case C‑264/14 to hold that the transactions in which a traditional currency is exchanged for units of Bitcoins and vice versa are “supply of services for consideration” contracts. Indeed,  Bitcoins are given in return for the “payment of a sum equal to the […]

The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR). The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation. The guidelines are […]

On March 21, 2017, Attorney General Schneiderman announced that his office received a record number of data breach notices in 2016. Around 1,300 data breaches were reported in 2016. This represented a 60% increase over the previous year; these breaches exposed the personal records of 1.6 million New Yorkers in 2016. Hacking represented the leading […]

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). After having examined the comments received during the public consultation which ended on February 15, 2017 (see here), WP29 adopted the final versions of several guidelines, and […]

On February 27, 2017, an Illinois federal court denied Google’s motion to dismiss a claim alleging that Google handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). In a (putative) class action against Google Photos, plaintiffs alleged that the service collects, stores and uses- without informed consent and in violation of BIPA – the […]

The first filed privacy class law against a law firm was sent to arbitration. On April 15, 2016, Plaintiffs filed the first class action complaint against a law firm for “systematically exposing confidential client information and storing client data without adequate security”. The complaint accuses Johnson & Bell, a mid-sized Chicago firm, of failing to […]

Update – April 2017 In December 2016 the Washington Supreme Court published Proposed Amendments to nonlawyers’ provision of legal services opening for Comments (among others). The comment period closes April 30, 2017. Any changes adopted would be effective no earlier than September 2017. See proposed changes here: http://www.courts.wa.gov/court_rules/?fa=court_rules.proposedDetails&proposedId=1101 Background: The Washington state supreme court has adopted […]

On March 2, 2017, the California Supreme Court held that the electronic communications of a public employee about the conduct of public business may be subject to disclosure under the California Public Records Act (“CPRA”) even if the employee used a personal account. The court considered how the law, originally designed to cover paper documents, […]