Cybersecurity

German Court Divorces GDPR and Competition Law in Facebook Appeal

By Constanze Kauffmann, Tobias Pesch & Natascha Gerlach on August 29, 2019

Posted in Cybersecurity, European Union, GDPR, Litigation, Privacy

In February of this year the German antitrust agency, the Federal Cartel Office (“FCO”), issued a decision against Facebook regarding their handling of user data. Please see our previous blog-post detailing the FCO’s arguments here

Facebook appealed and on August 26, 2019, the Düsseldorf Court of Appeal (“DCA”) in an interim decision granted suspensive effect to Facebook’s appeal against the FCO decision.

The DCA can order suspensive effect to an appeal if it has serious doubts whether the prohibition decision is legally valid. Despite the preliminary character of the DCA’s decision, this could represents a significant setback for the FCO and have signaling effect beyond the German borders,. The DCA made certain important points on issues of law, which it will likely not revers during its main proceedings.…
Continue Reading

July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors

By Jonathan S. Kolodner, Pamela L. Marcogliese, Alexis Collins, Rahul Mukhi & Anne Titus Hilby on August 5, 2019

Posted in Cybersecurity, DOJ Guidance, Enforcement, Financial Institutions, Regulatory, SEC Guidance, United States

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook. Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.…
Continue Reading

New York Passes Expansive New Cybersecurity Law

By Jonathan S. Kolodner, Rahul Mukhi & Russell Mawn on July 29, 2019

Posted in Breach Notifications, Cybersecurity, Privacy, United States

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes…

The DASHBOARD Act – Proposed New Law Would Force Large Technology Companies to Disclose the Value of Users’ Data

By Alexis Collins, Jane C. Rosen & Natalie Farmer on July 9, 2019

Posted in Cybersecurity, Privacy, SEC Guidance

On June 24^th, Senators Mark Warner (D-VA) and Josh Hawley (R-MO) introduced a bill that would require large technology companies to regularly disclose to their users and the Securities and Exchange Commission (SEC) the value of the user data they collect and monetize. The bipartisan bill, cited as the Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data (DASHBOARD) Act, is intended to capture major online platforms such as Amazon, Facebook, Google and Twitter that offer “free” services to users while monetizing user data through targeted advertising.
…
Continue Reading

District Court Finds Allegations That Data Breach Exposed Publicly Available and Non-Sensitive Personal Information Sufficient for Article III Standing

By Alexis Collins, Phillip L. Hurst & Miranda Gonzalez on July 1, 2019

Posted in Breach Notifications, Cybersecurity, Privacy

Potentially signaling an expansion of the scope of constitutional standing in data breach cases, a district court in the Northern District of California recently held that the exposure of users’ non-sensitive, publicly available personal information may be sufficient to establish an injury-in-fact.^[1]…
Continue Reading

CFIUS Forces Kunlun to Unwind 2016 Acquisition of Grindr Over Concerns About the Protection of Sensitive Personal Data

By Paul Marquardt, Chinyelu Lee & John P. McGill, Jr. on April 5, 2019

Posted in Cybersecurity

On March 27, 2019, journalists affiliated with Reuters reported that the Kunlun Group (“Kunlun”), a China-based tech firm, was preparing to sell its wholly owned subsidiary, Grindr, after the Committee on Foreign Investment in the United States (“CFIUS”) informed the group that Kunlun’s continued ownership of Grindr constituted a national security risk. This forced divestiture of Grindr is a pointed reminder that CFIUS remains focused on protecting the sensitive personal data of U.S. citizens, has the power to upend closed deals that have not been cleared by the committee, and is dedicating increased resources to the review of transactions that are not notified to CFIUS.…
Continue Reading

Federal Trade Commission Issues 2018 Privacy and Data Security Update

By Alexis Collins & Margot G. Mooney on March 21, 2019

Posted in Cybersecurity, Privacy

On Friday, March 15, 2019, the U.S. Federal Trade Commission (“FTC”) issued its 2018 Privacy & Data Security Update (the “Update”) detailing its activities last year in seven “zones” of privacy and data security: enforcement, advocacy, rules, workshops, reports and surveys, consumer education and business guidance, and international engagement. …
Continue Reading

Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

View Latest Posts

Amélie Champsaur

Amélie Champsaur’s practice covers a broad range of financial regulatory, compliance and enforcement matters, at French and EU level.

View Latest Posts

Alexis Collins

Alexis Collins’ practice focuses on litigation, including criminal and regulatory enforcement matters and complex civil and antitrust litigation.

View Latest Posts

Christopher J. Cook

Christopher J. Cook’s practice focuses on international competition and antitrust law.

View Latest Posts

Roger A. Cooper

Roger Cooper’s practice focuses on complex civil litigation, with an emphasis on disputes arising out of securities, M&A and derivative transactions, as well as on corporate governance issues.

View Latest Posts

Francesco De Biasi

Francesco De Biasi’s practice primarily focuses on private enforcement and internal investigations of corporate wrongdoing, with a focus on the requirements under Legislative Decree 231/2001, as well as on corporate, civil, labor law and data protection matters related to white collar crimes.

View Latest Posts

Daniel Ilan

Daniel Ilan’s practice focuses on intellectual property law.

View Latest Posts

Jonathan Kelly

Jonathan Kelly’s practice focuses on substantial English and international commercial litigation and arbitration.

View Latest Posts

Joon H. Kim

Joon H. Kim’s practice focuses on white-collar criminal defense, internal corporate investigations, regulatory enforcement, and crisis management, as well as complex commercial litigation and arbitration.

View Latest Posts

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

Michael H. Krimminger

Michael H. Krimminger’s practice focuses on U.S. and international banking and financial institutions.

View Latest Posts

Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

Emmanuel Ronco

Emmanuel Ronco’s practice focuses on intellectual property and technology matters, including in the context of corporate transactions such as mergers and acquisitions or joint ventures.

View Latest Posts

Rishi N. Zutshi

Rishi N. Zutshi’s practice focuses on commercial litigation and securities litigation, with extensive experience in disputes relating to complex financial instruments and derivatives.

View Latest Posts