Do you want an easy way to stay on top of important privacy changes? Avoid sleepless nights wondering if you’ve missed a speed bump or pothole between annual updates? Do not worry anymore. Troutman Pepper is happy to offer More privacy, please – a monthly newsletter summarizing important industry and legal developments, as well as trends in the areas of cybersecurity, information governance and privacy.

UNITED STATES LAWS AND REGULATIONS

  • House officials reintroduce sweeping online privacy law

    • On November 18, US representatives Anna G. Eshoo (D-CA) and Zoe Lofgren (D-CA) reintroduced the Online Privacy Act, which would create rights over user data, impose limitations and obligations on businesses. who collect and use consumer data, and create a digital privacy agency to enforce privacy laws. Eshoo and Lofgren already introduced the law on November 5, 2019. In view of the increase in digital work and online activities, the bill aims to “protect individuals, encourage innovation and restore confidence in businesses technological ”. The press release is available here.

  • Proposed Joint Rule to Establish IT Security Incident Notification Requirements for Banking Service Providers

    • On November 18, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Council) and the Office of the Comptroller of the Currency (OCC) “issued a joint final rule to establish computer security . Incident notification requirements for banking organizations and their banking service providers. The letter applies to all institutions supervised by the FDIC. Among other provisions, the rule will require: (1) that banking organizations notify the FDIC as soon as possible and no later than 36 hours after determining that a computer security incident reaching the level of a “notification incident” has occurred; and (2) a banking service provider to notify at least one bank-designated point of contact in each affected customer banking organization as soon as possible when the banking service provider determines that it has experienced a security incident informa tick that materially disrupted or degraded Covered Services for four hours or more. For more information, click here.

LITIGATION AND ENFORCEMENT IN THE UNITED STATES

INTERNATIONAL REGULATIONS AND APPLICATION

  • UK Supreme Court concludes that the action of the data protection representative (i.e. group) cannot be sued against Google

    • On November 10, the Supreme Court of the United Kingdom rendered a decision in Lloyd v Google LLC, UKSC2019 / 0213 (UK Supreme Court), a “legal action” on behalf of 4.4 million Google users alleging that their internet activity has been tracked without their knowledge or consent. The decision ruled that the loss of control of personal data by consumers alone was not sufficient to establish that all applicants had the “same interest”. In other words, the Court concluded that each member of the proposed class would have to prove their individual damages, thus ruling out the use of a representative action. In this regard, the ruling is analogous to many US cases, where courts have dismissed it as insufficient to meet the predominance requirement to certify a class under Fed. R.Civ. P. 23 (b) (3). Click here for a more detailed analysis.


Source link