Blog - Page 8 of 73 - Avvocato Federica Romanelli

CNIL publishes guidance on data transfer to third parties for electronic prospecting

Posted on February 12, 2019February 12, 2019 by Federica Romanelli

On December 28, 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published several principles to help companies comply with the General Data Protection Regulation (GDPR) while transferring personal data to their commercial partners for electronic prospecting. Particularly, the CNIL highlights how: the data subject must give consent before the data is transmitted to third parties; the data subject must be able to know who the Read more [...]

Ninth Circuit holds that websites and mobile apps of public accommodations must be ADA complaint

Posted on February 7, 2019February 11, 2019 by Federica Romanelli

On January 15, 2019, the United States Court of Appeals for the Ninth Circuit held that websites and mobile applications (app) of places of public accommodation must be fully accessible to persons with disabilities. By way of background, Plaintiff – a blind man – alleged that Defendant Domino’s Pizza, LLC, (Domino’s) failed to design, construct, maintain, and operate its website and app to be fully accessible to him, in violations of the Americans with Disabilities Act, Read more [...]

EU Commission adopts adequacy decision on Japan

Posted on January 25, 2019January 30, 2019 by Federica Romanelli

On 23 January 2019, the EU Commission adopted its adequacy decision on Japan, allowing personal data to flow freely between Europe and Japan. The adequacy decision started to apply as of January 23. The same will happen on the Japanese side. The adequacy decision includes: a set of Supplementary Rules to strengthen the protection of sensitive data, the exercise of individual rights and the conditions under which EU data can be further transferred from Japan to another third country. Read more [...]

After Alabama passed its data breach law, there is no American jurisdiction without a data breach statute

Posted on January 25, 2019January 30, 2019 by Federica Romanelli

On March 28, 2018, Alabama was the last State, after South Dakota, to have adopted a data breach notification statute. The Alabama Data Breach Notification Act of 2018 (S.B. 318) went into effect on June 1, 2018. According to the Alabama Statute, any “covered entity” and “third-party agent” must comply. Written notification must be made to all affected individuals unless it is determined that the breach of security “is not reasonably likely to cause substantial harm” to the individuals Read more [...]

NY A.G. settled with five companies whose mobile apps were not secure

Posted on January 16, 2019February 14, 2019 by Federica Romanelli

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those apps but they all suffered from a well-known security vulnerability that could have allowed third parties to access Read more [...]