Category: Government Regulation, Legislation & Enforcement

1
You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach
2
Post-Brexit data protection – where are we now?
3
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
4
California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020
5
Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology
6
The FBI understands if you pay ransom to cyber hackers, but isn’t too pleased about it
7
Hand Out of the Cookie Jar: CJEU Issues Long-Awaited Decision on Cookies
8
Brexit: Deal or No-Deal? Data is the Question
9
Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces
10
AI (Adverse Inferences): AI Lending Models may show unconscious bias, according to Report.

You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach

By Cameron Abbott, Max Evans and Florence Fermanis

Optus has been fined $504,000 by the Australian Communications and Media Authority (ACMA) for breaching spam laws, according to articles by the ABC and the SMH. The fine is the second largest in ACMA’s history to be awarded, being just $6,000 shy of the $510,000 fine which was slapped on Telstra in 2014 for missing service standards for urban landline connections.

Despite customers notifying Optus of their wish to opt-out or unsubscribe from such messages, an ACMA investigation found that customers still received the relevant messages, resulting in more than 2 million breaches to the Spam Act 2003 (Cth). Rather than a ‘one-off’ issue, it was found that Optus had systemic deficiencies with their compliance procedures and governance.

Read More

Post-Brexit data protection – where are we now?

By Cameron Abbott and Michelle Aggromito

After years of political squabble and delays, Brexit day finally arrived on 31 January 2020. But what does it mean when we talk about the UK’s withdrawal from the EU and how will data protection regulation and compliance change?

There will be little change during the transition (also known as “implementation”) period that is expected to end on 31 December 2020. During this period, EU law will continue to apply in the UK, including the EU General Data Protection Regulation (GDPR), after which the GDPR will be converted into UK law.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020

By Cameron Abbott ,Tan Xin Ya and John ReVeal

In just a short few weeks, a monumental change of privacy regulations will kick in for US businesses. On 1 January 2020, the California Consumer Privacy Act (CCPA) will come into effect, with a compliance deadline at the end of January 2020, and signifies a shift in tone in the privacy sphere for the US – with a move closer to global privacy norms, and away from the perspective that personal data is a company asset.

A series of data disasters such as Facebook’s Cambridge Analytica scandal and the massive Equifax breach left many Americans feeling powerless. Regulators stepped in after the fact to punish the companies, but at the time, there was little that U.S. consumers could do to prevent data breaches. Under the CCPA, Americans (well, Californians, mostly) move a step closer to general privacy protection. However, the Act only targets larger companies or those with prolific data use so there is still a long way to go to being general protection.

In October, the California Governor signed five bills to amend CCPA to provide some regulatory relief for businesses when the CCPA comes into effect. For a detailed analysis on the amendments, we refer you to Volume 2 of our colleagues’ Volume 2 of The Privacists available at the K&L Gates Hub.

Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology

By Cameron Abbott, Max Evans and James Gray

In his cautionary tale, 1984, author George Orwell spoke of a paradigm where the unregulated use of powerful technology, referred to as “telescreens”, manifested a society beholden to the ethics of the controller. This paradigm is perhaps more real than ever, according to an article by Reuters

By exploring the views of Cambridge Analytica whistle-blower Christopher Wylie, the article advises that the deep, multifaceted involvement of big tech companies in consumers’ lives, the ultimate dependence that arises from such involvement and the overwhelming vulnerability of such consumers renders tech companies “too big to fail”. Wylie argues that the vast imbalance of power and information in favour of these companies over users is resulting in a constant scrambling by regulators to control the rapid adoption of such technology forms.

Read More

The FBI understands if you pay ransom to cyber hackers, but isn’t too pleased about it

By Cameron Abbott and Karla Hodgson

While the FBI won’t be impressed if you pay ransomware demands in order to get your systems or data back after a cyber attack, its updated ransomware guidance contemplates that this might just be the outcome of an attack anyway.

Read More

Hand Out of the Cookie Jar: CJEU Issues Long-Awaited Decision on Cookies

By Cameron Abbott and Max Evans

Earlier this month, the Court of Justice of the European Union (CJEU) issued a long-awaited decision with respect to the requirements necessary for entities to satisfy in order to attain the valid consent of a user to the use of cookies to track and analyse his or her personal information.

Read More

Brexit: Deal or No-Deal? Data is the Question

By Cameron Abbott and Max Evans

With the Brexit deadline looming as 31 October 2019, and no finalised deal in place, the prospects of an inconclusive Brexit are growing. Therefore, there remains significant uncertainty as to the actions and preparations of entities who are subject to the unpredictable tides of this political sea. So how should such companies prepare in these circumstances of a foreseeable no-deal? Our colleagues have tackled this challenging question in Volume 1 of The Privacist available at the K&L Gates Hub.

Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces

By Cameron Abbott and Max Evans

Everyone knows the saying “the Pen is mightier than the sword”. The famous saying has been used for centuries to describe the ultimate power of words and communication over forms of violence. However, the rapid implementation and use of technology as a “combat” method doubts whether this saying is correct in a modern technological era, and begs the question as to whether technology is in fact mightier than the sword!

This dilemma is highlighted through the recent cyberstrike conducted by the United States. According to a Report by the Washington Post, in June of this year the Cyber Command of the US Military utilised a technology cyberstrike to target a significant Iranian database in the Persian Gulf. The relevant database was alleged to have been used by the IRGC, Iran’s elite paramilitary force, to damage oil takers and shipping traffic in the Persian Gulf. According to the Pentagon, the operation was in the works for weeks after Iran’s alleged attacks on two US tankers in the Gulf of Oman earlier in June, and following an attack by Iranian forces on an unmanned U.S. Surveillance drone hours earlier, the cyber-strike was immediately given the go-ahead.

Read More

AI (Adverse Inferences): AI Lending Models may show unconscious bias, according to Report.

By Cameron Abbott and Max Evans

We live in an era where the adoption and use of Artificial Intelligence (AI) is at the forefront of business advancement and social progression. Facial recognition technology software is used or is being piloted to be used across a variety of government sectors, whilst voice recognition assistants are becoming the norm both in personal and business contexts. However, as we have blogged previously on, the AI ‘bandwagon’ inherently comes with legitimate concerns.

This is no different in the banking world. The use of AI-based phishing detection applications has strengthened cybersecurity safeguards for financial institutions, whilst the use of “Robo-Advisers” and voice and language processors has facilitated efficiency by increasing the pace of transactions and reducing service times. However, this appears to sound too good to be true, as according to a Report by CIO Drive, algorithmic lending models may show an unconscious bias.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.