Blockchain and Data Privacy (Lex Mundi Series)

Editors’ Note: The following article was originally published as part of Lex Mundi’s Blockchain Whitepaper Series, which you can find here.

What data privacy concerns should practitioners have relating to blockchain technology? Answering the question involves understanding first the personal information implicated by a specific blockchain application, and then analyzing the relevant legal regimes that govern the personal information.

Personal Information

Data privacy does not implicate all information,… More

Privacy and Data Security Strategies for Start-Up Companies

Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for business of all sizes.  While identity thieves may focus on the target rich environments of large-scale enterprises,… More

GDPR Alert: Google Gets Biggest Fine Ever Issued by a European Data Protection Authority

On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR.

As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor,… More

Can Law Enforcement Force You To Use Your Finger to Unlock Your Phone?

Can a fingerprint alone provide “testimony” about a person?  Earlier this month, a federal court in California said yes.  But the court was not engaging in a highly-localized form of palm-reading; rather, the question arose in the ever-evolving field of how to balance law enforcement needs and individual citizens’ privacy interests as new technologies emerge.

The United States District Court for the Northern District of California has been a hotspot for privacy-related litigation,… More

Is the Right to be Forgotten National, European or Worldwide? The Advocate General Issues an Opinion in the Google Case

On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the country.  The Conseil d’Etat basically asked the European Court of Justice to follow-up on its Google Spain decision: is the right to be forgotten –… More

Minimizing Litigation Risk: What Cybersecurity Auditors Can Learn From Their Financial Statement Auditor Analogues

Data breaches – always critically important to those with responsibility for storing, transporting and protecting electronic information – have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions, and family meetings around the dinner table.  They, of course, have also been the subject of government investigations and private litigation.

The current environment is not unlike other moments in our recent past that seemed to have captured the attention of Wall Street,… More

Massachusetts Amends Its Data Breach Response Law

On January 10, 2019, Massachusetts Governor Charlie Baker signed a new law that amends its data breach reporting law, and requires credit reporting agencies such as Equifax to provide a free credit freeze to consumers.  The new law, “An Act Relative to Consumer Protection from Security Breaches,” also requires companies to offer up to three years of free credit monitoring to victims of a security breach,… More

Cybersecurity 2019 — The Year in Preview: Elections and Political Advertising

Editors’ Note:  This is the sixth in our third annual series examining important trends in data privacy and cybersecurity during the new year.  Our previous entries were on cryptocurrencyemerging threatsstate law trends, comparing the GDPR with COPPA, and energy and security.  Up next:  HIPAA.

Social media companies’ and search engines’ revenue models are based on creating valuable advertising platforms for marketers. … More

Basics for Sharing Direct Marketing Databases with Business Partners in the EU

Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. It is the case, for example, of companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,… More