Global Privacy & Security Compliance Law Blog

Category Archives: Legislative & Regulatory Developments

Subscribe to Legislative & Regulatory Developments RSS Feed

GDPR Countdown: Latham’s National Implementation Tracker

By Gail Crawford, Ulrich Wuermeling and Calum Docherty The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory authorities, and businesses are working in parallel on GDPR implementation. Latham reached out to colleagues across the … Continue Reading

Russia Introduces New Definition and Obligations for Audiovisual Service Owners

By Gail Crawford and Ksenia Koroleva The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of an audiovisual service owner and regulates their activities, including imposing ownership restrictions. The Notion of … Continue Reading

Messaging Apps May Face New Obligations in Russia

By Gail Crawford, Ksenia Koroleva, and Andrea Stout The State Duma, Russia’s lower chamber of Parliament, has adopted amendments to the Federal Law on Information, Information Technologies and Information Protection of the Russian Federation (the Law) in its first reading. Under the proposed amendments, messaging apps would be required, among other things, to verify users … Continue Reading

Trump Administration Issues New Executive Order Focused on Strengthening Federal Cybersecurity

By Steven Croley*, Jennifer Archie and Serrin Turner The Trump Administration has issued a much anticipated Executive Order (EO),“Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” directing federal executive agency heads to undertake various cyber-related reviews and to report findings back to the White House within prescribed timetables. Unlike some of the Trump Administration’s … Continue Reading

China Introduces Legislation that Enhances Personal Information Rights

By Julia Dai, Hui Xu and Sean Wu On March 15, 2017, the National People’s Congress (the NPC), the national legislature of People’s Republic of China (the PRC), passed the General Provisions of the Civil Law (the General Provisions). To better protect rights and establish obligations for individuals and entities in modern China, the General Provisions have … Continue Reading

China Issues Draft Measures to Restrict the Overseas Transmission of Personal Data

By Hui Xu, Gail E. Crawford, Wei-Chun (Lex) Kuo, Andrea E. Stout and Sean Wu The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft Measures provide further clarification surrounding the “localization” requirement … Continue Reading

US Magistrate Judge Upholds Search Warrants for Google Data Stored Overseas, “Shards” and All

By Serrin Turner and Megan Behrman Another front recently emerged in the legal battle over whether US law enforcement authorities can use a search warrant issued under the Stored Communications Act (SCA) to obtain data stored overseas. Until now, the battle has been focused in New York, where Microsoft filed a challenge in December 2013 … Continue Reading

European Commission Proposes ePrivacy Regulation

By Ulrich Wuermeling On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified. However, the general approach taken by the European Commission has not changed. The Proposal includes provisions with a broad scope of application covering … Continue Reading

Financial Institutions Await Response to Concerns Over New York State Department of Financial Services’ Proposed Cybersecurity Rules

By Jennifer Archie, Alan Avery, Serrin Turner, and Pia Naib Dozens of financial institutions and trade associations have lodged emphatic objections with the New York State Department of Financial Services (NYSDFS) in response to the Department’s September 28, 2016 Notice of Proposed Rulemaking entitled “Cybersecurity Requirements for Financial Services Companies” (the Proposed Rules). As published … Continue Reading

GDPR Guidance: DPOs, Data Portability & the One-Stop-Shop

By Fiona Maclean & Calum Docherty The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation (GDPR). Data Protection Officers (DPOs) (Guidance & FAQs) DPOs are the cornerstone … Continue Reading

6 Key Requirements of China’s First Network Security Law

By Jennifer Archie, Gail Crawford, Serrin Turner, Hui Xu & Lex Kuo The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have far-reaching implications for parties that utilize the internet and … Continue Reading

Around the Table: Behind the Headlines of Evolving Cyberthreats

Latham partners Serrin Turner, Jennifer Archie and Jeffrey Tochner sat down with Eric Friedberg, Executive Chairman at Stroz Friedberg, and Matt Olsen, President – Consulting at IronNet Cybersecurity, to discuss current cyberthreat levels and the growing need for companies to devote resources for future risk mitigation.    … Continue Reading

“Yarovaya” Law – New Data Retention Obligations for Telecom Providers and Arrangers in Russia

By Ksenia Koroleva On July 6, 2016, Russian President Vladimir Putin signed Federal Law No 374-FZ. This law is also known as the “Yarovaya” law (named after a Russian senator who was the main driving force for the law to come into existence). The Yarovaya law introduces amendments to certain Russian federal laws. The majority … Continue Reading

“Hacking” Warrants: A Question of Procedure or Substance?

By Serrin Turner Typically, the process for amending the Federal Rules of Criminal Procedure is a sleepy affair. Proposed amendments wend their way through a series of judicial committees and, if approved by the Supreme Court, take effect automatically by the end of the year. Theoretically, Congress may choose to intervene and block the change – … Continue Reading

The Countdown to the General Data Protection in Europe Has Begun

By Gail Crawford and Lore Leitner Today, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR will introduce a rigorous, far-reaching privacy framework for businesses that operate, target customers or monitor individuals in the EU. The Regulation sets out a suite of new … Continue Reading

Are Changes in Store for the Stored Communications Act?

By Serrin Turner Last week saw action on two fronts regarding the Stored Communications Act (SCA) – the US federal statute regulating government searches of online accounts in criminal investigations. In Congress, a proposal to reform the SCA advanced in the House; and in the courts, Microsoft sued to challenge a provision of the SCA as … Continue Reading

Recent Amendments to the Russian Personal Data Protection Legislation: The Right to be Forgotten

By Mikhail Turetsky, Ksenia Koroleva and Lore Leitner On July 13, 2015, the Russian President signed Federal Law No. 264-FZ (the Law), which introduced a range of amendments into Russian legislation (the Amendments). In particular, the principle of the “right to be forgotten”, a concept not previously recognized under Russian law came into effect on … Continue Reading

Political Agreement on European Data Protection Regulation

By Ulrich Wuermeling A political compromise has been reached on the new European Data Protection Regulation. On December 15, 2015, the negotiators in the so-called “informal trilogue” between the Council, the Parliament and the European Commission closed the final issues. Meanwhile, the Luxembourg Presidency informed the LIBE-Committee of the Parliament as well as the Permanent Representatives Committee … Continue Reading

MEPs Agree to Europe’s First-Ever EU Cybersecurity Law

By Gail Crawford and Andrea Stout On December 7th, members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers provisionally agreed to the text of the long awaited network and information security directive also known as the cybersecurity directive (Directive). While the text of the proposed Directive has yet … Continue Reading

Final Negotiations on European Data Protection Regulation

By Ulrich Wuermeling Almost four years after the European Commission introduced their draft for a new European Data Protection Regulation, negotiators of the European Parliament and Council are close to agreeing on a compromise text, set for December 15, 2015. If the final negotiations in the so-called “informal trilogue” are successful, the legislative process can be formally … Continue Reading

WEBCAST Safe Harbor: Staying Alive?

Speakers: Gail Crawford, Jennifer Archie, Ulrich Wuermeling On October 6, 2015, the European Court of Justice invalidated the EU Commission’s decision that had allowed companies to transfer personal data from the EU to the United States under the EU-US Safe Harbor Framework. Two months on, various bodies and EU privacy regulators have issued guidance, including … Continue Reading

FTC Administrative Law Judge Issues Initial Decision in LabMD Matter

By Jennifer Archie, Scott Jones and Alex Stout In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had become highly politicized following 2014 congressional hearings, ALJ D. Michael Chappell found … Continue Reading
LexBlog