On November 12, 2020, just one day after the European Data Protection Board (“EDPB”) published its recommendations on additional measures for data transfers to third countries (Recommendation 01/2020), the European Commission published a draft of the long-awaited updated Standard Contractual Clauses (“SCCs”). Under Art. 46 GDPR, these can serve as the basis for data transfers to third countries without an adequacy decision ...
On 21 August 2020, the HKIMR, the research arm of the Hong Kong Academy of Finance, released its second report, entitled “Artificial Intelligence in Banking: The Changing Landscape in Compliance and Supervision”. The report is intended as a starting point for understanding the broad implications of Artificial Intelligence (“AI”) adoption in the banking industry, as well as in relation to compliance and supervision ...
The HKMA has developed a two-year roadmap to promote Regtech adoption in the Hong Kong banking sector (“Roadmap”), as set out in a White Paper entitled “Transforming Risk Management and Compliance: Harnessing the Power of Regtech” (“White Paper”). The White Paper presents the case for wider adoption of Regtech in Hong Kong, outlining a series of actions that the HKMA will take, or consider taking, to accelerate its adoption ...
Hong Kong’s Securities and Futures Commission (SFC) issued a circular last year (the Circular) in recognition of the increasing use of electronic data storage (cloud storage) for record keeping purposes. The Circular was intended to provide licensed corporations with greater flexibility in keeping regulatory records with electronic data service providers (EDSPs), as well as to clarify their general obligations in relation to electronic data ...
With the Universal Community Testing Programme for COVID-19 detection by the Hong Kong Government and temperature screening in the workplace, the collection and use of biometric data (such as DNA samples, fingerprints and facial images) have raised concerns among the public. In August 2020, the Privacy Commissioner (PC) has updated its guidance note on how data users should collect and use biometric data in compliance with the Personal Data (Privacy) Ordinance (Guidance Note) ...
As concern over cybersecurity continues to grow,[1] defense contractors have been waiting for the Department of Defense (DoD) to roll out its Cybersecurity Maturity Model Certification (CMMC) program. That rollout has occurred, with DoD’s recently published interim rule Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)[2] (“Interim Rule”), effective Nov. 30, 2020, and providing for a five-year phase-in of CMMC ...
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) sees the decision as a success: On November 11, 2020, the District Court of Bonn reduced the fine imposed on 1&1 Telekom GmbH for a data protection breach from an original EUR 9.55 million to EUR 990,000.00, thereby fundamentally calling into question the fine practices of the German supervisory authorities ...
The Court of Justice of the European Union delivers judgments regarding the concept of “communication to the public” faster than legal scholars can read and dissect them. While we are eagerly awaiting the Court’s analysis of different types of hyperlinking, it has taken less than two months to follow Advocate General Hogan’s opinion regarding the emailing of evidence containing copyrighted works to a court in legal proceedings ...
Norway has acceded to the Cape Town Convention on International Interests in Mobile Equipment and its Protocol on Matters Specific to Aircraft Equipment (the «CTC»). The CTC has been implemented and given effect under Norwegian law as of 1 April 2011. It is still possible to register security interests over an aircraft with the Norwegian Civil Aircraft Registry («NCAR») ...
The debt collection restrictions and requirements in the FDCPA, which was enacted in 1977, have failed to keep up with or even contemplate modern technologies. In particular, as methods and forms of communication have evolved, the industry has had little guidance on how it can utilize newer communication channels such as emails, text messages, or social media. In many cases, the industry has had to grapple with different and often conflicting court interpretations ...
The Copyright Office of the Department for Promotion of Industry and Internal Trade (DPIIT) has invited comments and suggestions to amend the Copyright Act before November 30, 2020. Mid last year, the DPIIT proposed a set of amendments to the Indian Copyright Rules. While these amendments sought to increase transparency and provide clarity for right holders, many other essential modifications were overlooked ...
On Nov. 3, 2020, California voters approved Proposition 24, marking a significant shift in the U.S. privacy landscape. Proposition 24 enacted the California Privacy Rights Act of 2020 (CPRA),[1] a major expansion of the existing California Consumer Privacy Act (CCPA), which many businesses continue to grapple with since becoming effective in January 2020. Most notably, the CPRA establishes a stand-alone privacy regulator, the first U.S. state to do so ...
Buyers’ Default Clause 13 of Saleform 2012 regulates Buyers’ default. The potential Buyers’ defaults are quite restricted to payment defaults. There are no Buyers’ default linked to failure to take over the Vessel (like you often find in shipbuilding contracts) or failure to provide the agreed documents. Nor is it likely that a Buyer will pay for the Vessel but not accept physical delivery ...
On 19 October 2020 the Federal Council's Cyber Committee adopted a report on the advancement of the 2018-2022 national strategy for the protection of Switzerland against cyber risks (2018-2022 NCS) and its gradual implementation. The report focuses mainly on the progress made in supporting small and medium-sized enterprises (SMEs) and promoting research and training ...
The Copyright Office of the Department for Promotion of Industry and Internal Trade (DPIIT) has invited comments and suggestions to amend the Copyright Act before November 30, 2020. Mid last year, the DPIIT proposed a set of amendments to the Indian Copyright Rules. While these amendments sought to increase transparency and provide clarity for right holders, many other essential modifications were overlooked ...
What will UK data protection look like after Brexit 2.0 on 31 December 2020? Regime 1: the 'UK GDPR': the UK's new bespoke version together with the Data Protection Act 2018 The UK GDPR will be the UK data protection regime based on the 'EU GDPR' (see below) ...
The HHS Office for the National Coordinator of Health Information Technology issued an interim final rule on October 29, 2020, extending the compliance date for the information blocking rule under the 21st Century Cures Act to April 5, 2021 ...
While public attention focused on the federal and state elections, Michigan voters made an important decision—they adopted Proposal 20-2, which amended Michigan’s Constitution to extend its protection from unreasonable searches and seizures to electronic data and communications ...
During recent years, we have been accumulating our experience of advising clients on data protection issues, that companies face when doing their business in Russia. Many of our clients do their business in other CIS countries as well and usually face quite similar issues there. However, the level of regulation and, more importantly, enforcement, in different jurisdictions of the post-Soviet Union territory, varies significantly ...
In this newsletter you will find a selection of the main legal news related to the fintech and digital banking market in Argentina. 3.0 transfers New open and interoperable model for instant payments As we anticipated in previous bulletins, the Central Bank (BCRA) completely updated the system of immediate electronic payments existing until now, taking it to a much more ambitious, interoperable and open model, which aims to interconnect bank accounts and accounts on an equal footing ...
We have recently discovered growing interest in implementation of diversity and inclusion (“D&I”) programs by companies operating in Russia. D&I programs imply processing of new categories of employee personal data and new purpose of data processing. For this, Russian Labour laws do not provide for any requirement nor regulation for implementation of D&I programs ...
The Privacy Commissioners of Canada, Alberta and British Columbia issued a joint investigation report, finding that Cadillac Fairview did not obtain adequate consent for the collection of digital images of faces through facial recognition technology (Anonymous Video Analytics) installed in wayfinding directories in some of their Canadian shopping malls ...
On 25 September 2020 Parliament approved new regulations for Blockchain and Distributed Ledger Technology (DLT).(1) The goal of this new legal framework is to further establish and increase Switzerland's reputation as a leading, innovative and sustainable location for fintech and DLT companies. DLT framework DLT allows shared data management and, in particular, shared accounting among participants that do not know or do not trust each other's identity ...
It is the time of year for a good scare– but not all a welcome treat! The U.S. Department ofHealth and Human Services(HHS)published a cyber-threat advisory that comes as no great surprise to healthcare providers. As all healthcare providers are focused on continuing to provide excellent care during this COVID-19 pandemic, it is unfortunate that cyber-criminals see this as an opportunity for healthcare targeted ransomware attacks ...
Introduction On 16 October 2020 the government reinforced the urgent measures to limit the further spread of COVID-19. Teleworking is no longer highly recommended, but has become the standard for all employees whose roles allow for telework. Yet, the new rule is less far-reaching than that in place during the first lockdown in March 2020, as an exception now applies when the continuity of business operations, activities and services does not allow for teleworking ...
