Privacy & Information Security Law Blog

On April 29, 2021, China issued a second version of the draft Personal Information Protection Law (“Draft PIPL”). The Draft PIPL will be open for public comments until May 28, 2021.

While the framework of this version of the Draft PIPL is the same as the prior version issued on October 21, 2020, below we summarize the material changes in the second version of the Draft PIPL.

On April 29, 2021, China issued a second draft version of the Data Security Law (“Draft DSL”). The Draft DSL will be open for public comments until May 28, 2021.

While the framework of this version of the Draft DSL is the same as the prior version issued on July 3, 2020, below we summarize the material changes in the second version of the Draft DSL.

On April 23, 2021, the National Information Security Standardization Technical Committee of China published a draft standard (in Chinese) on Security Requirements of Facial Recognition Data (the “Standard”). The Standard, which is non-mandatory, details requirements for collecting, processing, sharing and transferring data used for facial recognition.

On April 27, 2021, the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados, the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.

On April 23, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on virtual voice assistants (the “Guidelines”). The Guidelines were adopted on March 12, 2021 for public consultation.

As reported on the Hunton Retail Law Blog, on April 26, 2021, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. McMorris v. Carlos Lopez & Assocs., LLC, No. 19-4310, 2021 WL 1603808 (2d Cir. Apr. 26, 2021). Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.

On April 22, 2021, the Belgian Constitutional Court annulled (in French) the framework set forth by the Law of 29 May 2016 (the “Law”) requiring telecommunications providers to retain electronic communications data in bulk.

Building upon its April 2020 business guidance on Artificial Intelligence and algorithms, on April 19, 2021, the FTC published new guidance focused on how businesses can promote truth, fairness and equity in their use of AI.

On April 21, 2021, the European Commission (the “Commission”) published its Proposal for a Regulation on a European approach for Artificial Intelligence (the “Artificial Intelligence Act”). The Proposal follows a public consultation on the Commission’s white paper on AI published in February 2020. The Commission simultaneously proposed a new Machinery Regulation, designed to ensure the safe integration of AI systems into machinery.

As reported on the Hunton Retail Law Blog, on April 22, 2021, the U.S. Supreme Court unanimously held in a highly-anticipated case, AMG Capital Management, LLC v. FTC, that the FTC cannot seek or obtain equitable monetary relief pursuant to §13(b) of the FTC Act.