The government recently published its initial response to the public consultation on the Online Harms White Paper, in the first substantive update since its publication in April 2019. The consultation response is described as an indication of the direction of travel and it is clear that the policy development process is at an early stage. Certain things have been clarified, while much remains up for grabs. The government's full response to the consultation is expected in Spring 2020.
In June 2019 the Legislative Assembly of the Macau Special Administrative Region (SAR) enacted the Cybersecurity Law. Prior to this, no legislation covered cybersecurity issues in the Macau SAR. As such, this new law reflects the region's efforts to respond to the latest regulatory trends regarding privacy and security and establish a legal regime for such matters. The main purpose of the law is to protect the networks, systems and data of critical infrastructure operators of the Macau SAR.
Cyberattacks on public entities and private companies in Mexico look set to grow exponentially in 2020. However, Mexico has no national cybersecurity, so the private sector has instead introduced self-regulatory schemes to try and protect itself against cyberattacks. This video examines the main cybersecurity issues that businesses in Mexico face today, including the recent growth of 'cryptojacking'.
The year 2019 was one of high-octane political drama for the United Kingdom, culminating in its withdrawal from the European Union. While there was no cliff edge on 31 January 2020, there are significant challenges ahead, including in the cross-cutting area of data protection, which could affect many UK businesses.
In December 2019 the Federal Telecommunications Institute issued draft rules for public consultation to further regulate net neutrality in Mexico. Further discussions are anticipated following the consultation period and the definitive rules are expected to be published in mid-2020. Nonetheless, the publication of draft rules to regulate net neutrality is a positive step which has long been awaited by both industry players and non-governmental organisations.
A recent action by the National Advertising Division (NAD), a self-regulatory arm of the Better Business Bureau, illustrates that advertisers that participate but decline to be bound by an NAD decision can expect to be referred to the Federal Trade Commission (FTC). The NAD recently announced that it had referred advertising claims made by a dietary supplement company to the FTC for further review, following a challenge by the Council for Responsible Nutrition.
The Cybersecurity Act came into effect in Taiwan in 2019 and introduced new compliance requirements for reporting cybersecurity incidents that affect the telecoms, banking and transport industries in particular. In addition, Taiwan has just finished the first stage of the 5G spectrum option and the security by design of the network will be further developed in 2020. This video discusses the implications of the Cybersecurity Act for businesses as well as 5G network security developments.
The Eleventh Circuit panel recently released a landmark ruling in Glasser v Hilton Grand Vacations Company, LLC. The key issue was how to interpret ambiguous language in the Telephone Consumer Protection Act's (TCPA's) definition of an 'automatic telephone dialling system'. In recent years, imprecise statutory phrasing and the Federal Communication Commission's liberal reading of the legislative history has empowered plaintiffs to assert TCPA claims based on a wide array of calling systems.
Companies are ever more aware of cyber risks, new EU legislation has been introduced in this regard and national authorities have developed improved enforcement activities. As a result, cybersecurity looks set to become a board-level issue across the European Union due to the increased liability and reputational risks for companies. This video discusses the benefits and risks of the digital transformation of business and what companies need to do to protect themselves.
Two recent cases highlight the increased False Claims Act risk that cybersecurity compliance poses for government contractors. The first is a cautionary tale for contractors that self-certify that their IT systems provide adequate security for sensitive federal information which they store, process or transmit in performance of a federal contract. The second signals the importance of accurately representing compliance with federal cybersecurity standards when selling IT products or services to the government.
Following recent case law on the matter, the High Court has found that bitcoin can be 'property' and can therefore be the subject of a proprietary injunction. In reaching its conclusion, the court adopted the detailed analysis of the issue set out in the UK Jurisdictional Task Force's November 2019 Legal Statement on Crypto-Assets and Smart Contracts, thereby providing a far more detailed judicial basis for the finding than found in previous cases.
Penalties for data localisation breaches were the highest fines issued by the Russian Government under the Code of Administrative Offences in 2019 and this issue looks set to continue to dominate the cybersecurity space in 2020. This video examines the scope of data localisation requirements, consequences for data privacy breaches and how companies can ensure compliance therewith.
The Beijing Communications Administration recently organised a two-month examination of the network and data security of apps to target the illegal, compulsory and excessive collection of user information. The examination selected 50 apps with a certain influence and number of users, covering social media, online rental and automotive services, online education, finance, online medical care, basic telecoms enterprises and six other areas.
In recent months, the Personal Information Protection Commission (PPC) has been proactive in publicising cases of data breaches that have had a significant social impact, together with the names of the companies, even when the PPC did not exercise its supervisory authority over the companies in question. Whether this trend will continue should be carefully monitored.
The Washington Privacy Act (WPA) gained significant traction in the legislature in 2019, passing the state Senate almost unanimously, but ultimately failing in the state House of Representatives due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on 31 July 2021.
Cybersecurity is being taken increasingly seriously in Switzerland – both by the federal government and medium and large businesses. With the Federal Data Protection Act set to be revised in 2020 and additional measures in this space expected, companies are likely to continue investing significant resources into combating cyber risks in 2020 and beyond. This video discusses some of the key issues that have been affecting the Swiss cybersecurity space in 2019 and what to expect in 2020.
The Cyberspace Administration of China recently published the Administration Measures for Releasing Cybersecurity Threat Information (Draft for Comments) to solicit public opinions. According to the draft measures, the publication of cybersecurity threat information must be reported to regulators in a number of specific circumstances.
The Information Commissioner's Office recently published its draft Code of Practice on Direct Marketing. Covering traditional e-marketing but also newer tools increasingly relevant to marketers such as social media and adtech, the code is essential reading for those engaging in direct marketing activities in the United Kingdom. It includes important clarifications and updates to previous guidance, particularly in relation to in-app marketing messages, refer-a-friend schemes and marketing via social network platforms.
The Chinese government has been cracking down on the unreasonable collection of personal data, introducing a number of new guidelines to ensure compliance in this regard. On the horizon in 2020 is the potential finalisation of the cross-border transfer rules, which – in their current form – impose stringent requirements on affected companies. This video looks at China's recent approach to cybersecurity and what companies should do to ensure compliance.
On 1 January 2020 the Swiss Financial Market Supervisory Authority implemented various revised rules primarily targeting small banks (the so-called 'small banks regime'). Among other aspects, this will result in a relaxation of IT outsourcing requirements for financial institutions. The amendments are positive and a step in the right direction, as they will allow financial institutions to enjoy more leeway to benefit from IT outsourcing services.