November 2018

The Department of Defense (DoD) recently issued final guidance for requiring activities to assess contractors’ System Security Plans (SSPs) and their implementation of the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.  A draft of this guidance was made available for public comment in April 2018.  As noted in

Under the Data Protection Directive (now superseded by the General Data Protection Regulation, “GDPR”), it was disputed whether a violation of the German Data Protection Law transposing the Directive could serve as a basis for anti-competition claims under the German Act Against Unfair Competition (“Gesetz gegen den unlauteren Wettbewerb”, “UWG”).  Since the entry into force

On November 23, 2018, the European Data Protection Board (“EDPB”) issued draft Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (“Guidelines”). As per standard procedure, the EDPB has published this first version of the Guidelines to allow for public consultation about its contents over the next several months. At the conclusion of

The European Commission (the “Commission”) has launched an Open Public Consultation for building trust in Connected and Automated Mobility (the “CAM Consultation”) on the main challenges linked to the deployment of connected and automated mobility services in Europe and how trust should be built in such services. This CAM Consultation, which largely takes the form

In early November, the Dutch Supervisory Authority released an injunction imposed against the public insurance body Uitvoeringsinstituut Werkgeversverzekering (“UWV”) last July.

The UWV allows employers to submit data about their employees for social security purposes.  The data includes dates of employee absences due to general illness (and when an employee is pregnant or gave birth,

Last week, the National Telecommunications and Information Administration (“NTIA”) released submissions it had received from the Federal Trade Commission (“FTC”) staff and many other parties on NTIA’s proposed framework for advancing consumer privacy while protecting innovation.  Although NTIA did not request comments on a possible federal privacy bill, most submissions took the opportunity to inform

As more companies recognize the value of enhanced sustainability reporting and publicize the positive environmental features of their products and services, they should also be attentive to greater public scrutiny of “green” claims.  Companies that engage in greenwashing – asserting exaggerated, misstated, or immaterial environmental claims – are increasingly exposed to reputational damage and legal

When does a private party need to file a qui tam action under the False Claims Act (“FCA”)?  Such a seemingly simple question has resulted in three different answers from six different courts.  This past Friday, November 16, 2018, the Supreme Court announced it would resolve that circuit split — by granting a request to

On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained.

Vectaury is an advertising network