Jan. 25, 2023
Jan. 25, 2023
E.U. Regulators Bar Meta From Requiring Users to Pay With Their Data
E.U. regulators have invalidated Meta’s contract requirement that Facebook, Instagram and WhatsApp users allow the company to use their personal data without consent, fining the company $428 million. The regulators’ decisions, published January 11 and 19, reject the common business model of providing a free internet service in exchange for users’ activity data. The Meta case also exposes intensifying disputes among the E.U. regulators, with Ireland’s Data Protection Commission announcing that it will sue the bloc’s top data protection board to annul one binding order for further proceedings. This article examines the decisions' impact on data collection under GDPR, the dueling regulator positions, and the key compliance implications for companies, and includes insights from GDPR specialists at DLA Piper, Ropes & Gray and Wallace. See “Two European Regulators Warn Behavioral Advertising Skates on Thin Ice” (Jan. 19, 2022). Read full article …
France’s Cookie Enforcement Against TikTok and Microsoft Highlights Common Compliance Missteps
In a span of less than two weeks, the Commission Nationale de l’Informatique et des Libertés (CNIL), France’s lead privacy regulator, fined two companies – TikTok and Microsoft – for insufficient cookie consent practices. The CNIL’s cookie enforcement activity, which has been on the uptick, represents just one part of a broader enforcement initiative by European regulators who, in recent years, have been targeting cookie practices that are not in alignment with the GDPR’s stringent data privacy requirements. This article explores the CNIL’s recent enforcement actions, the broader heightened cookie enforcement activity across Europe, and offers lessons for multinational companies to avoid costly financial and reputational mistakes with their own cookie practices. See “Compliance Takeaways From the Latest GDPR Enforcement Statistics” (Feb. 2, 2022). Read full article …
Transparency of Beneficial Ownership Clashes With U.K. Privacy Laws
The Register of Overseas Entities (ROE) that came into force in the U.K. on August 1, 2022, via the Economic Crime (Transparency and Enforcement) Act 2022 aims to help crack down on foreign criminals using U.K. property to launder money by requiring registration with the U.K. Companies House. However, on November 22, 2022, the Court of Justice of the European Union issued a ruling that prioritizes privacy over transparency and could eventually lead to changes in the approach to registries across Europe. The Cybersecurity Law Report spoke with Crispin Rapinet and Khushaal Ved, attorneys at Hogan Lovells, about the new requirements, the somewhat conflicting CJEU ruling, and what they mean for multinational corporations. See our two-part series on lessons from the WhatsApp decision on GDPR transparency requirements: Enforcement Takeaways (Oct. 20, 2021); and Compliance Foundations (Oct. 27, 2021). Read full article …
Constangy Expands With New Cyber Team
Constangy has added a new data privacy and cybersecurity team consisting of 32 attorneys in 17 cities and 12 states, all of whom joined from Lewis Brisbois. The team will be led by Sean Hoar. Read full article …
Cyber Expert Rejoins Cole-Frieman & Mallon to Serve Investment Management Industry
Cole-Frieman & Mallon announced that it will launch a cybersecurity law practice, bringing back former partner John Araneo as its lead. Araneo focuses his practice on cybersecurity regulation as it relates specifically to investment advisors. Read full article …
Most-Read Articles
-
Jan. 4, 2023
A Ransomware Tabletop’s 360-Degree Incident Response View: Days One to Four -
Jan. 11, 2023
Ten Cybersecurity Resolutions for Financial Services Firms in 2023 -
Jan. 4, 2023
FTC and $391-Million State AG Case Put Location Data Enforcement on the Map -
Jan. 18, 2023
Scrutiny Over Dark Patterns Presents Further Challenges in Online Contracting -
Jan. 18, 2023
A Sensitive Time for Location Data: Tips to Address New Rules and Vendor Standards
Webinar on Compliant International Data Transfers


Listen here to our discussion with our colleagues at Ethos Privacy, which took place on March 1, 2022, on how to approach international data transfer challenges.