Nice initiative from Reed Smith to help companies across several states in the US deal with the duty to notify a cyber breach.
US courts are becoming more European.
A plaintiff triggered a lawsuit in Florida against the company behind Pokemon Go (Niantic Inc.) since its T&Cs were “illusory, deceptive, unfair, and/or unconscionable”.
Such provisions gave Niantic the right to unilaterally modify the agreement, to edit or delete a user's data and similar nice stuff.
Well, the court denied protection to the plaintiff, because:
- he had not yet suffered any damage (good work on the prevention of it, anyway)
- the applicable law was the one from California, which could not be disapplied in Florida.
Audio and .ppt
Webinar from DLA Piper on the EU GDPR.
Nice overview from DLA Piper on the EU GDPR, entailing background, key changes and actions to take. Each subject has sub-categories focused on different topics.
The recent case of Facebook shaking up data from WhatsApp is a clear example of a breach following a violation of the EUMR (Merger Regulation), tackling the 1% of the joint turnover of both companies.
What happened is that Facebook declared it had no means to link personal data, while WhatsApp's updated Terms introduced this feature. The Commission found that such technology was already available in 2014 and Facebook was aware of it.
They exploit freelancers/partners and we turned a blind eye to it.
They used the Greyball project, and we turned a blind eye to it.
They deployed the “Hell” project, and we turned a blind eye to it.
Their CEO offended drivers and was recorded on camera and we turned a blind eye to it.
They have been condemned for theft of trade secrets and we turned a blind eye to it.
They have been criticised for their culture, fostering sexual harassment and unfair rewards.
They unplugged all cables and downed electricity in their offices when authorities raided them and we turned a blind eye to it.
Now it’s the time of firing legal counsels who criticise the data retention policy and the time of three further in-house lawyers who left the company after the management tweaked some privacy settings without the due approval of the company.
What’s next, now?
Germany is reaching the standards of the EU GDPR quite soon. The topics being ruled are:
– Processing of employees’ data
– Automated decision-making
– Rating agencies and scoring
– Data subject rights
– Data protection officer
The full guidance has yet to be reported, but we can already glance at some principles of the EU GDPR and elaborate on its impact on UK law:
- The standard required for consent is way higher;
- Consent must also be well informed, unambiguous and communicated through an affirmative action, thus forget about pre-filled fields and boxes;
- Consent must also be “granular”, i.e. split according to each different purpose and separate from the T&Cs;