Privacy & Data Security

On January 18, 2023, the European Data Protection Board (“EDPB”) published a report on the outcome of its investigation into the use of cloud-based services by the public sector.

The EDPB prepared the report as part of its first coordinated enforcement action under the Coordinated Enforcement Framework (“Framework”), a key part of the EDPB’s

On January 18, 2023, the European Data Protection Board (“EDPB”) published a report setting out the common positions of the EDPB and EEA member state supervisory authorities (“SAs”) with respect to interpreting the EU rules applying to cookies. SAs will take these common positions into account when handling cookie complaints.

The report was drafted by

On Episode 20 of Covington’s Inside Privacy Audiocast, Dan Cooper, Co-Chair of Covington’s Data Privacy and Cyber Security practice, and Christian Ahlborn, Partner in Covington’s Competition practice, discuss the recently enacted EU Digital Markets Act (DMA) in the first part of our “Competition and Privacy” mini series.For more information on the DMA, we

On January 12, 2023, the Belgian Constitutional Court decided that a provision of the Belgian data protection law is unconstitutional. 

The relevant provision prevented parties from challenging a decision of the Belgian Supervisory Authority if they were not a party to the proceedings before the Belgian Supervisory Authority that led to the decision.

The Constitutional

The Federal Energy Regulatory Commission (“FERC”) issued a final rule (Order No. 887) directing the North American Electric Reliability Corporation (“NERC”) to develop new or modified Reliability Standards that require internal network security monitoring (“INSM”) within Critical Infrastructure Protection (“CIP”) networked environments.  This Order may be of interest to entities that develop, implement,

On January 13, the FTC announced a settlement with WealthPress, an online service provider that recommends trades in financial markets.  The settlement resolved allegations that WealthPress violated both the Restore Online Shoppers’ Confidence Act (ROSCA) and Section 5 by making false and misleading claims about how much consumers could earn with the company’s trading recommendation

On January 19, 2023, the National Institute of Standards and Technology (“NIST”) published a Concept Paper setting out “Potential Significant Updates to the Cybersecurity Framework.”  Originally released in 2014, the NIST Cybersecurity Framework (“CSF” or “Framework”) is a framework designed to assist organizations with developing, aligning, and prioritizing “cybersecurity activities with [] business/mission requirements,

The new EU-wide cyber law, Directive 2022/2555 (NIS2), entered into force on Monday, January 16, 2023. NIS2 builds on the original NIS Directive but significantly expands the categories of organizations that fall within the scope of the law, imposes new and more granular security and incident reporting rules, and creates a stricter enforcement regime. Member

On January 12, 2023, the Court of Justice of the EU (“Court”) decided that the GDPR’s right of access gives a data subject the choice between asking a controller for (i) the identity of each data recipient to whom the controller will or has disclosed the data subject’s personal data or (ii) only the categories

In 2022, the European Union announced the creation of Digital Partnerships with three Asian countries: Japan, South Korea and Singapore. This is in line with the EU’s Digital Compass strategy which seeks to make the European Union the most connected continent by 2030. The European Commission is expanding its connections between Europe and the rest