The United Kingdom (UK) has notified the European Union (EU) of its intention to withdraw from the European Union on March 29, 2019. In order to receive personal data from the UK in reliance on the EU-U.S. Privacy Shield Framework (“Privacy Shield” or “the Framework”), Privacy Shield participants must update their Privacy Shield commitments by the Applicable Date.
The Cloud Security Alliance (CSA) today announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments.
In a sensational test of technological independence, Russia is making plans to cut off its internet from the rest of the world, with a giant ‘unplugging’ experiment that will affect over 100 million Russian internet users. The contentious plan is expected to be enshrined in law soon, and although nobody knows just when the great unplugging will take place, it should happen imminently.
The California Consumer Privacy Act of 2018 creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Released in November 2018, Norton Rose Fulbright’s 2018 Litigation Trends Annual Survey highlighted a decrease in the number of lawsuits commenced against survey corporate counsel respondent companies over the last year. However, the survey also noted that the growing international nature of many business operations has caused a spike in conflicts related to countries’ differing discovery and data protection laws and regulations.
The Data Protection Authority (DPA) of the German state of Bavaria announced it was considering fining a number of companies under the GDPR for their website cookie practices. The Bavarian DPA’s action potentially signals that cookies, user tracking, and online advertising are not a ‘tech industry issue,’ but instead a priority issue for companies irrespective of their industry – and one that can carry GDPR fine risk.
The 50 million euro fine of Google is the largest to be issued not only under the GDPR, but by any European regulator. However, things could have been much worse for the Andriod creators, as GDPR allows for fines up to 4% of a company’s annual global turnover, which could have resulted in a fine in the billions.
Authenteq is an automatic identity verification and privacy platform which enables users to verify their identity and create their own sovereign digital IDs which are stored encrypted in a blockchain. The funding for the Reykjavik, Iceland-based company was led by Draper Associates and Capital300.
The expedited move to shut down Google+ and its API in the wake of a second security issue puts a bit of a clock on auditors, investigators, and litigators looking to preserve ESI from the social media platform that could be relevant to future litigation.
Estonia has created one platform that supports electronic authentication and digital signatures to enable paperless communications across both the private and public sectors.