My Content
Insights

GDPR Guidance on a Controller's Oversight Responsibilities and Legitimate Interests

Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.

According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...

Israeli Privacy Protection Authority Issues Guidelines on Data Transfers

The Israeli Privacy Protection Authority (the “PPA”) published the final version of its position paper regarding international transfers of personal information. Like the draft paper in 2022, the final version recognizes the significant practical difficulties that regulations on international data transfers raise, given Regulation 3 of the Privacy Protection Regulations (Transfer of Information to Databases Outside the State’s Boards), 5761-2001 ...

U.S. Federal Court rules eBay not liable for harmful products sold on its platform

A federal court in New York found that the online e-commerce giant eBay bears no liability for products sold on its platform by merchants when these products are banned by federal laws. The decision was handed down in the Justice Department’s lawsuit against eBay, which alleged that eBay has been allowing businesses to use its platform to sell banned engine ...

Internet Access Provider Liable for Subscribers Piracy Activities

In an appeal by the Texan internet service provider (ISP) Grande Communication Networks LLC (“Grande”), a U.S. federal court of appeals upheld the lower court's decision finding the ISP liable for copyright infringements and pirating practices committed by its subscribers. However, the court of appeals dismissed the nearly $47 million dollar jury verdict of the lower court.

In the lower ...

U.S. Securities Commission Imposes Fines for Improper Disclosures of Data Security Risk

The U.S. Securities and Exchange Commission (SEC) charged four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The companies have settled the SEC’s charges, paying a total of $7 million in civil penalties.

The companies, Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited, were victims of breaches resulting from the SolarWinds Cyber-attack ...

FTC Issues "Click-to-Cancel" Rule for Simpler Cancellation of Subscriptions

The U.S. Federal Trade Commission (FTC) announced the adoption of a “click-to-cancel” rule that will require subscription sellers and service providers to make it “as easy for consumers to cancel their enrollment as it was to sign up”. The rule is set to take effect in April 2025.

The rule targets what are called “Negative option programs”, where a seller ...

More of My Content
Insights