On December 6, 2019, the FTC issued an opinion finding that Cambridge Analytica, they had engaged in deceptive practices to collect personal information from several users of Facebook for purposes of voter profiling and targeting. In addition, the Commission found that Cambridge Analytica had engaged in deceptive practices regarding its participation in the EU-US Privacy
This last week saw significant compliance and enforcement activity with respect to both GDPR and the FTC. Specifically, we saw two significant GDPR fines handed down by the UK Information Commissioner’s Office (ICO) against British Airways (approx. $230 million) and Marriott International (approx. $130 million). In addition, Facebook settled with the FTC for the largest
*written with assistance from co-author and W&L law student, Isabella Gray.
On May 28, 2019, the Cyberspace Administration of China (“Cybersecurity Administration”) released a set of draft Measures for Data Security Management (the “Draft Measures”). The Draft Measures provide articles governing how network operators, defined as someone who owns and administrates a network or a
On January 21, 2019, the French Data Protection Authority, the Commission Nationale de L’Informatique et de Libertés (“CNIL”) announced a sanction of 50 million euros against Google. On May 25 and 28, 2018, the CNIL received complaints from two different associations, asserting that Google did not have a valid legal basis for the processing of
On January 28, 2017, as part of Data Privacy Day, Facebook shared its data privacy principles for the first time. In a blog post drafted by Erin Egan, Facebook’s Chief Privacy Officer, Facebook posted these principles to help users understand how data is used and managed on the site. Among other things, Facebook’s data privacy
With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up. Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses. For those of you
Today, on June 1, 2017, China’s new cybersecurity law, entitled the “Network Security Law”, goes into effect. The law was passed in November 2016. It now becomes legally mandatory for “network operators” and “providers of network products and services” to: (a) follow certain personal information protection obligations, including notice and consent requirements; (b) for network
In a recent opinion, the Second Circuit ruled against the United States government and in favor of protecting data stored overseas. In Microsoft v. United States, the Second Circuit held that the Stored Communications Act (SCA) does not authorize courts to issue warrants against internet service providers (ISPs) for the seizure of customer email
Today, the Treasury Department issued a General License authorizing transactions and activities concerning information technology products in the Russian Federation despite recent executive order prohibiting such transactions.
In April 1, 2015, President Obama issued Executive Order 13694 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”). In short summary, this order blocked
