In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.”  He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about

On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on online services as significant as the one which the General Data Protection Regulation (“GDPR”) had upon the collection, use, transfer, and storage of data originating in the EU on 25 May 2018.

Ambit

The DSA sets out rules and obligations for digital services providers that act as intermediaries in their role of connecting consumers with goods, services, and content.  

Its goal is to regulate and control the dissemination of illegal or harmful content online, provide more consumer protection in online marketplaces, and to introduce safeguards for internet users and users of digital services. It also introduces new obligations for major online platforms and search engines to prevent such platforms being abused.Continue Reading The EU Digital Services Act: Overview and Impact

Ransomware attacks have become one of the most common and pervasive cybercrimes perpetrated against U.S. companies. A bad actor, often from overseas, will gain access to upload malware onto a company’s network storage or application platforms that encrypts all files it can access. A message or text file is usually left with instructions on how to contact the attacker to pay a ransom for the decryption key. In the worst case, a ransomware attack can freeze the business operations by effectively removing access to the company’s critical systems and rendering them useless. Aside from the business impact, what legal implications are created by a ransomware attack?

Privacy

The greatest legal concern is one of privacy. By definition, ransomware attacks gain access to the internal systems maintained or owned by a business. However, not all ransomware attacks are created equal and privacy obligations differ from one attack to another.Continue Reading Ransomware Attacks – Harmless Annoyances or Catastrophic Events?

On February 2, 2022, U.S. Rep. Bobby L. Rush introduced the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act, H.R. 6570 (the “Act”), legislation that would require OEMs to make vehicle-generated data more available to vehicle owners. The Act also would pave the way for the Federal Trade Commission (FTC) and National Highway

Earlier this month, the New York Attorney General’s Office issued findings of its investigation into a data security incident involving EyeMed Vision Care LLC (“EyeMed”) as well as the agreement that it entered into with the company in exchange for not pursuing further statutory charges.[1] The settlement included a fine of $600,000, a marked

Seyfarth Synopsis:  On May 12, 2021, President Joe Biden issued a very broad, 34 page “Executive Order on Improving the Nation’s Cybersecurity.” The Executive Order, or “EO”, can be found here. This order comes six months after the notorious SolarWinds attack, and mere weeks after other high-profile attacks have invaded our networks, and shut

There have been seminal events in the cybersecurity space since 2012, but there has likely been no event in recent times bigger than the SolarWinds attack which was first announced in December 2020. Though it likely had “nation-state” origins, the SolarWinds attack raised a number of serious issues for US companies and indeed the US

In September of this year, with SB 327, California stepped into the vanguard of information age law by passing a cybersecurity regulation on the Internet of Things. SB 327 has added new sections to Cal. Civil Code §1798. Specifically, §1798.91 et seq. While this seems to be a good thing, the larger question is what does it do, and how far does it reach?
Continue Reading California’s IoT Security Law – Everyone Needs Cybersecurity Now

Seyfarth Shaw Offers Data Privacy & Protection in the EU-U.S. Desktop Guide and On-Demand Webinar Series

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4%