Israeli Parliament Approves Landmark Biometric Database Law

The Knesset (the Israeli Parliament) recently completed the enactment of the controversial biometric database law. The law, originally enacted in 2009, establishes a national database containing biometric data of all Israeli citizens. Its declared purpose is combating large-scale loss and theft of government-issued ID cards and passports used by criminals and terrorists. The original law established an initial pilot period ...

EU Regulators Issue First GDPR Guidance

The panel of European national privacy regulators, known as the ‘Article 29 Working Party’, has issued its first set of substantive guidance addressing issues under the EU General Data Protection Regulation (GDPR). The GDPR, scheduled to enter into force in May 2018, constitutes a sweeping reform in the areas of data protection and data privacy. The GDPR applies not only ...

UK Privacy Regulator Publishes Draft Guidelines on 'consent' under the GDPR

The UK Information Commissioner (the British privacy regulator) has published a draft of proposed guidance on the notion of ‘consent’ under the General Data Protection Regulation (GDPR), set to take effect in May 2018. The draft guidance emphasizes that the GDPR establishes an elevated standard for consent. It requires offering individuals genuine choice and control over the collection and processing ...

US FDA Issues Guidance on Postmarket Management of Cybersecurity in Medical Devices

The US Food and Drug Administration (FDA) has published guidance setting out its recommendations for managing postmarket cybersecurity vulnerabilities in marketed and distributed medical devices. The guidance emphasizes that manufacturers of medical devices should monitor, identify, and address cybersecurity vulnerabilities and exploits as part of their postmarket management. It urges manufacturers to implement comprehensive cybersecurity risk management programs and ...

Ninth Circuit Refines the Meaning of “Without Authorization” under the Computer Fraud and Abuse Act

The United States Court of Appeals for the Ninth Circuit has recently tweaked two of its decisions from this past summer which held that access to another person’s online account, even with their permission, may in certain cases give rise to liability under the U.S. federal Computer Fraud and Abuse Act (CFAA).

The first case, United States v. Nosal, revolved ...

New York Updates Proposed Cybersecurity Regulation for Financial Institutions

Following more than 150 public comments on the original proposal for cybersecurity regulation for financial institutions, the New York State Department of Financial Services (NYDFS) has updated its proposed regulation, with what is, generally speaking, a more lenient approach for covered entities.
 
The updated regulation adopts a risk-based approach that gives covered entities greater flexibility in determining the cybersecurity ...

CJEU Restricts Retention of Communication Meta-Data by Telecom Providers

The Court of Justice of the European Union (CJEU) has held that EU law prohibits a general and indiscriminate retention of telecommunication meta-data. The court nevertheless held that EU states can require that telecom providers engage in targeted and limited retention of meta-data solely for the purpose of facilitating the fight against serious crime. 
 
The CJEU’s judgment was based ...

Hot Topics in Israeli Privacy and Data Protection Environment

Haim Ravia contributed the Israeli chapter to Data Protection & Privacy Laws Annual Review 2016, a publication by Financier Worldwide that covers 17 jurisdictions around the world.

Haim’s commentary discusses how companies in Israel handle, and ought to handle, data protection in the digital age, outlines recent regulatory data protection developments in Israel affecting companies and reviews enforcement activities taken by ...