October 2018

On October 4, the U.S. Department of Transportation published Preparing for the Future of Transportation: Automated Vehicles 3.0 (“AV 3.0”), a policy vision statement that embraces automation as a critical tool to improve motor vehicle safety. AV 3.0 identifies several avenues to remove regulatory barriers to Autonomous Driving Systems (“ADS”), including potential changes to rules

In exchange for a stay of the proceedings in both United States v. California and American Cable Association v. Becerra, California has agreed not to enforce its new net neutrality law, SB 822, pending the resolution of Mozilla Corp. v. FCC, the lawsuit challenging the FCC’s Restoring Internet Freedom Order (“Order”).  The Order had repealed

In 1998, China announced its “go out” or “go global” policy aimed at encouraging its enterprises to invest overseas. In 2013 this policy was reinforced with China’s introduction of its One Belt, One Road (OBOR) or “Belt & Road” initiative, which seeks to enhance development and trade routes in the region, connecting China with other

On July 17, 2018, the Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for infringement of the European Union General Data Protection Regulation (“GDPR”).  The decision has not been made public.  Earlier this week, the hospital publicly announced that it will contest the fine.

According to press reports, the CNPD

The Federal Energy Regulatory Commission (“FERC”) released a final rule approving three new Critical Infrastructure Protection (“CIP”) standards which address supply chain risk management for bulk electric systems (“BES”) operations.  The new standards were developed by the North American Electric Reliability Corporation (“NERC”) in response to FERC Order No. 829, which directed NERC to

On October 18, 2018, the Dutch Supervisory Authority for data protection adopted guidance on the second Payment Service Directive (“PSD2”).  The PSD2 intends to open the financial services market to a larger scale of innovative online services.  To that effect, the PSD2 sets out rules for obtaining access to the financial information of bank customers. 

On September 5, 2018, a first instance Administrative Court in Italy decided that a public company cannot reject an application for the position of data protection officer (“DPO”) on the basis that the applicant is not a certified ISO 27001 Auditor / Lead Auditor (decision available here).

ISO 27001 is an international information security