News Items Topics Internet Law Update

Europe Introduces Legislation for Security of Digital Products

The European Union has enacted the Cyber Resilience Act (Regulation (EU) 2024/2847), establishing comprehensive cybersecurity requirements for products with digital elements, including those utilizing artificial intelligence (AI).

The Cyber Resilience Act applies to all products with digital components, whether hardware or software and requires adherence to uniform cybersecurity standards. For example, manufacturers are obligated to design and develop products that ...

Internet Access Provider Liable for Subscribers Piracy Activities

In an appeal by the Texan internet service provider (ISP) Grande Communication Networks LLC (“Grande”), a U.S. federal court of appeals upheld the lower court's decision finding the ISP liable for copyright infringements and pirating practices committed by its subscribers. However, the court of appeals dismissed the nearly $47 million dollar jury verdict of the lower court.

In the lower ...

U.S. Federal Court Decision Highlights Duty of Care in Software Security

A recent U.S. federal district court decision in California has underscored the duty of care software developers owe to individuals whose data is exposed in cyberattacks, even if they are not direct software users. The case involved Accellion, whose legacy file transfer software (FTA) was breached twice between late 2020 and early 2021. The breach led to the disclosure of ...

U.S. Securities Commission Imposes Fines for Improper Disclosures of Data Security Risk

The U.S. Securities and Exchange Commission (SEC) charged four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The companies have settled the SEC’s charges, paying a total of $7 million in civil penalties.

The companies, Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited, were victims of breaches resulting from the SolarWinds Cyber-attack ...

Israeli Privacy Protection Authority Issues Guidelines on Data Transfers

The Israeli Privacy Protection Authority (the “PPA”) published the final version of its position paper regarding international transfers of personal information. Like the draft paper in 2022, the final version recognizes the significant practical difficulties that regulations on international data transfers raise, given Regulation 3 of the Privacy Protection Regulations (Transfer of Information to Databases Outside the State’s Boards), 5761-2001 ...

Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protectio

Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.

According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...

GDPR Guidance on a Controller's Oversight Responsibilities and Legitimate Interests

Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.

According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...

FTC Issues "Click-to-Cancel" Rule for Simpler Cancellation of Subscriptions

The U.S. Federal Trade Commission (FTC) announced the adoption of a “click-to-cancel” rule that will require subscription sellers and service providers to make it “as easy for consumers to cancel their enrollment as it was to sign up”. The rule is set to take effect in April 2025.

The rule targets what are called “Negative option programs”, where a seller ...

More News Items