Global Privacy & Security Compliance Law Blog

Category Archives: Legislative & Regulatory Developments

Subscribe to Legislative & Regulatory Developments RSS Feed

A New Era for Data Protection in Brazil

Brazilian Congress passes a data protection bill that seeks to improve privacy and cybersecurity. By Amadeu Ribeiro and Thiago Luís Sombra (Mattos Filho, Veiga Filho Marrey Jr e Quiroga Advogados) and Jennifer Archie and Terese Saplys The Brazilian Congress has been working on a bill relating to the protection of personal data for over eight … Continue Reading

California Consumer Privacy Act of 2018 May Usher in Sweeping Change

Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law. By Jennifer Archie, Michael Rubin, and Scott Jones Key Points: A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018. … Continue Reading

Update: California’s Consumer Right to Privacy Ballot Initiative

California ballot initiative, Consumer Right to Privacy Act of 2018, gathers momentum for a November vote, spurring some telecom and internet businesses to organize opposition. By Michael H. Rubin, Roxana Mondragón-Motta, and Scott C. Jones Businesses are preparing to oppose a California ballot measure that could impose new data privacy and security obligations, with the … Continue Reading

New Home for Our Interactive GDPR Implementation Tracker – GDPR.lw.com

The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. As an EU Regulation, it will be directly effective in each EU member state, but all member states are expected to pass national implementing legislation. Latham’s GDPR Implementation Tracker is an interactive, web-based tool to help companies doing business in Europe stay … Continue Reading

National Cyber Security Centre Releases NIS Directive Guidance

The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations. By Gail Crawford, Mark Sun, Fiona Maclean, and Malika Sajdik The National Cyber Security Centre (NCSC) has published introductory guidance for operators of essential services (OES) on the new cybersecurity rules under the EU’s Security of Network and Information … Continue Reading

Cybersecurity: UK Government Releases Response to Public Consultation on NIS Directive

Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation. By Gail Crawford, Mark Sun, Fiona Maclean, and Malika Sajdik The UK government moved closer to implementing the Security of Network and Information Systems Directive (NIS Directive) with the release of its consultation response. The NIS Directive is the first EU-wide legislation on … Continue Reading

Updated: Latham’s GDPR National Implementation Tracker

By Gail Crawford and Mark Sun  With the assistance of colleagues across the EU, Latham & Watkins has updated its GDPR National Implementation Tracker. With just over three months to go until the GDPR go-live date on 25 May 2018, two EU member states (Belgium, Slovakia) have joined Austria and Germany in successfully implementing the … Continue Reading

US Government Contractors Face New Cybersecurity Requirements

By Jennifer Archie, Serrin Turner, Kyle Jefcoat, Dean Baxtrasser and Morgan Maddoux As of December 31, 2017, many United States government contractors face a new compliance requirement involving cybersecurity. This requirement will govern most new Department of Defense (DoD) contracts and, significantly, will apply to many current DoD contracts that include the applicable standard contract … Continue Reading

Russian Lawmakers Move to Be Able to Ban Use of VPNs and Similar Access Tools

By Ksenia Koroleva Russia has adopted a new law further toughening the country’s Internet-blocking regime and introducing a number of restrictive measures applicable to intermediaries providing access to blocked websites, IT networks, and information resources (hereinafter, “Blocked Websites”). The relevant provisions of Federal Law No. 276-FZ dated July 29, 2017 (the “Anonymizers Law”), came into force on … Continue Reading

GDPR Countdown: Latham’s National Implementation Tracker

By Gail Crawford, Ulrich Wuermeling and Calum Docherty The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory authorities, and businesses are working in parallel on GDPR implementation. Latham reached out to colleagues across the … Continue Reading

Russia Introduces New Definition and Obligations for Audiovisual Service Owners

By Gail Crawford and Ksenia Koroleva The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of an audiovisual service owner and regulates their activities, including imposing ownership restrictions. The Notion of … Continue Reading

Messaging Apps May Face New Obligations in Russia

By Gail Crawford, Ksenia Koroleva, and Andrea Stout The State Duma, Russia’s lower chamber of Parliament, has adopted amendments to the Federal Law on Information, Information Technologies and Information Protection of the Russian Federation (the Law) in its first reading. Under the proposed amendments, messaging apps would be required, among other things, to verify users … Continue Reading

Trump Administration Issues New Executive Order Focused on Strengthening Federal Cybersecurity

By Steven Croley*, Jennifer Archie and Serrin Turner The Trump Administration has issued a much anticipated Executive Order (EO),“Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” directing federal executive agency heads to undertake various cyber-related reviews and to report findings back to the White House within prescribed timetables. Unlike some of the Trump Administration’s … Continue Reading

China Introduces Legislation that Enhances Personal Information Rights

By Julia Dai, Hui Xu and Sean Wu On March 15, 2017, the National People’s Congress (the NPC), the national legislature of People’s Republic of China (the PRC), passed the General Provisions of the Civil Law (the General Provisions). To better protect rights and establish obligations for individuals and entities in modern China, the General Provisions have … Continue Reading

China Issues Draft Measures to Restrict the Overseas Transmission of Personal Data

By Hui Xu, Gail E. Crawford, Wei-Chun (Lex) Kuo, Andrea E. Stout and Sean Wu The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft Measures provide further clarification surrounding the “localization” requirement … Continue Reading

US Magistrate Judge Upholds Search Warrants for Google Data Stored Overseas, “Shards” and All

By Serrin Turner and Megan Behrman Another front recently emerged in the legal battle over whether US law enforcement authorities can use a search warrant issued under the Stored Communications Act (SCA) to obtain data stored overseas. Until now, the battle has been focused in New York, where Microsoft filed a challenge in December 2013 … Continue Reading

European Commission Proposes ePrivacy Regulation

By Ulrich Wuermeling On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified. However, the general approach taken by the European Commission has not changed. The Proposal includes provisions with a broad scope of application covering … Continue Reading

Financial Institutions Await Response to Concerns Over New York State Department of Financial Services’ Proposed Cybersecurity Rules

By Jennifer Archie, Alan Avery, Serrin Turner, and Pia Naib Dozens of financial institutions and trade associations have lodged emphatic objections with the New York State Department of Financial Services (NYSDFS) in response to the Department’s September 28, 2016 Notice of Proposed Rulemaking entitled “Cybersecurity Requirements for Financial Services Companies” (the Proposed Rules). As published … Continue Reading

GDPR Guidance: DPOs, Data Portability & the One-Stop-Shop

By Fiona Maclean & Calum Docherty The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation (GDPR). Data Protection Officers (DPOs) (Guidance & FAQs) DPOs are the cornerstone … Continue Reading

6 Key Requirements of China’s First Network Security Law

By Jennifer Archie, Gail Crawford, Serrin Turner, Hui Xu & Lex Kuo The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have far-reaching implications for parties that utilize the internet and … Continue Reading

Around the Table: Behind the Headlines of Evolving Cyberthreats

Latham partners Serrin Turner, Jennifer Archie and Jeffrey Tochner sat down with Eric Friedberg, Executive Chairman at Stroz Friedberg, and Matt Olsen, President – Consulting at IronNet Cybersecurity, to discuss current cyberthreat levels and the growing need for companies to devote resources for future risk mitigation.    … Continue Reading

“Yarovaya” Law – New Data Retention Obligations for Telecom Providers and Arrangers in Russia

By Ksenia Koroleva On July 6, 2016, Russian President Vladimir Putin signed Federal Law No 374-FZ. This law is also known as the “Yarovaya” law (named after a Russian senator who was the main driving force for the law to come into existence). The Yarovaya law introduces amendments to certain Russian federal laws. The majority … Continue Reading
LexBlog