The Coronavirus pandemic has caused a shift in the paradigm of modern-day workplaces. Companies across the globe have seen a rapid and widespread shift to remote work, making compliance with the GDPR harder than ever. The Federal Office of Information Security (BSI), in its recent report on the ‘State of IT Security in Germany 2020’, expressed its concern and indicated a ‘tense situation’ for data protection in the country ...
Introduction On 16 October 2020 the government reinforced the urgent measures to limit the further spread of COVID-19. Teleworking is no longer highly recommended, but has become the standard for all employees whose roles allow for telework. Yet, the new rule is less far-reaching than that in place during the first lockdown in March 2020, as an exception now applies when the continuity of business operations, activities and services does not allow for teleworking ...
On 25 September 2020 Parliament approved the final draft of the revised Data Protection Act (rev-DPA).(1) The rev-DPA is expected to enter into force in 2022. However, it is subject to a facultative referendum and the corresponding ordinance will be adapted accordingly – thus, the rev-DPA is still a work in progress ...
OCIE’s most recent Risk Alert, published Sept. 15, 2020, address another cybersecurity issue, this time highlighting the dangers of “credential stuffing.” Credential stuffing is a method of cyberattack that uses compromised client login credentials and can lead to loss of customer assets and the disclosure of confidential or other personal information. Hackers will obtain groups or lists of usernames, email addresses, and their passwords from sellers on the dark web ...
A recent decision in Germany has resulted in a hefty fine being imposed on an employer for violations of the European Union’s General Data Protection Regulations (“GDPR”). The decision is a strong warning to South African employers to not overprocess their employees’ information ...
The functioning of the World Wide Web is in many ways dependent on the use of hyperlinks. Many of those hyperlinks refer to works protected by copyright. In his recent Opinion, Advocate General Szpunar has considered which kinds of hyperlinks should be regarded as a communication to the public that require the copyright holder’s prior authorisation ...
Ohio legislators recently introduced proposed H.B. 679, expanding telehealth services. As a result of the COVID-19 pandemic, telehealth has become more prevalent and necessary. Ohio lawmakers realize telehealth is only going to become more widespread in the future, as patient usage and acceptance continue to grow. If enacted, H.B ...
Cybersecurity will generally be a significant issue for businesses in the years to come. With teleworking, cloud computing and the advent of artificial intelligence, large amounts of data are likely to fall prey to hackers attracted by the personal information or trade secrets contained therein. From a legal standpoint, businesses have a duty to take reasonable steps to protect the personal information they hold ...
COVID-19 has sent many employers into a workforce management tailspin. Laws, regulations, and recommendations change daily, and as the pandemic continues to affect the workplace, the risk of legal complacency increases. The list below identifies the top 10 mistakes for employers to avoid during the COVID-19 pandemic. Mistake 1: Failing To Prepare and Update a COVID-19 Response Plan ...
Law is an ever-evolving social construct and remains effective only insofar as it can be updated in a timely manner to keep up with real-life developments. The relevance of laws and their subject matter is always dictated by present-day realities and circumstances ...
On August 26, 2020, Resolution No. 000093-2020-PRE/INDECOPI was published in the Official Gazette “El Peruano”, which adopts the Directive that establishes the procedure for payment of rewards under the scope of Article 28 of the Single Ordered Text of the Law for the Repression of Anticompetitive Conduct (the "Directive" and the "Competition Law", respectively) ...
On August 25, 2020, Board Resolution No. 003-2020-EF/68.0 was published in the Official Gazette “El Peruano”, approving the “Guidelines for the State's response to the potential impacts of the COVID-19 pandemic on Public Private Partnership projects” (the “Guidelines”) ...
In July, the German Federal Ministry for Economic Affairs and Energy (BMWi) compiled a draft law on data protection and the protection of privacy in the context of electronic communication and telemedia (the “Telecommunications and Telemedia Data Protection Act” [Telekommunikations-Telemedien-Datenschutz-Gesetz],“TTDSG”) – which has not yet been officially published ...
With federal privacy legislation stalled and indefinitely delayed, states have moved forward to push an impressive number of privacy laws forward over the last several years. Some of these laws are still relatively obscure, but are being increasingly enforced by state regulators and through litigation ...
The Baden-Württemberg Commissioner for Data Protection and Freedom of Information (LfDI) has imposed a fine of €1,240,000 on the AOK Baden-Württemberg health insurance provider. The reason? Data processing errors related to prize draws it ran: the health insurance provider had not obtained the valid consent for data processing of prize draw entrants in 500 cases. An internal whistleblower notified the LfDI about the breach ...
On 22 July 2020, data protection authorities from Australia, Canada, Gibraltar, Hong Kong, Switzerland and United Kingdom (together the Authorities), issued an open letter (Letter) on global privacy expectations of video teleconferencing companies (VTC companies)[1]. Why there is such a Letter? As a result of the COVID-19 pandemic, the Authorities have witnessed an increasing use of VTC tools, both in social and business contexts ...
Thursday 16 July 2020 saw the Court of Justice of the European Union (“CJEU”) issue its decision on the validity of two international data transfer mechanisms - the “Privacy Shield” mechanism, which allowed for transfers between the EU and the US, and the Standard Contractual Clauses (“SCCs”) which are of more general application. Both of these mechanisms were confirmed by decisions of the European Commission ...
Today (16 July 2020), the ECJ handed down its long-awaited judgment on the validity of Standard Contractual Clauses in international data transfers (ECJ, judgment of 16 July 2020, case C-311/18). In a surprise move the Court of Justice declared the EU Commission's adequacy decision on the Privacy Shield - the agreement that allows data transfers to certain companies in the USA - to be invalid. On the other hand it confirmed the validity of the Standard Contractual Clauses ...
The Ninth Circuit Holds that Callers are Subject to TCPA Liability if the Callers Intend to Make Automated Calls to a Consenting Customer, but Instead Call Someone Else Introduction On June 3, 2020, the United States Court of Appeals for the Ninth Circuit dealt a blow to callers governed under the Telephone Consumer Protection Act (“TCPA”) ...
On July 3rd, 2020, Supreme Decree No. 18/2020 of the Ministry of Labor and Social Securitywas published,approving the regulation of Article 152 quater M of the Labor Code, establishing specific health and safety conditions at work applicable for employees rendering services in regimes of remote work or telework (hereinafter, the “Regulation”) ...
Setting the right standard to ensure compliance with the technical and organizational safeguards for data security required under Art. 32 GDPR is a challenge for many companies when it comes to electronic communications – not least e-mail. The German Conference of Independent German Federal and State Data Protection Supervisory Authorities (DSK) has issued guidance on the topic. The guidance represents a majority resolution of the German states, with Bavaria dissenting ...
Many jurisdictions have put in place legislation to regulate merger activities. There have been discussions that it is high time for Malaysia to implement a general merger control regime under the Malaysian Competition Act 2010. As it presently stands, general merger activities which do not fall within two specific sectors (will be discussed below) are not regulated and no prior sanction is required from the Competition Commission before a merger transaction takes place ...
On June 11, 2020, the Ministry of Transport and Telecommunications, the Ministry of Economy and the National Consumer Service ("Sernac") announced the implementation of the "I want to exit" platform, in order to enable telecommunications users to terminate contracts with telecommunications service providers in an expeditious manner ...
