On 1 November 2018, Hong Kong’s Securities and Futures Commission (“SFC”) issued a statement and circular that expanded its regulatory reach over virtual asset activities. Previously, the SFC’s position was that any activities related to virtual assets (e.g. cryptocurrencies, assetbacked tokens, virtual commodities, etc.) would only be subject to the Securities and Futures Ordinance (Cap. 571) if Continue Reading Hong Kong: Tightening the Reins on Cryptocurrency

A political agreement was reached between the European Parliament, the Council of the European Union (EU) and the European Commission on the EU Cybersecurity Act (Act) and announced on December 10, 2018. The pace of the adoption of the Act (with less than three months of discussions among the EU institutions) confirms that cybersecurity is high on the EU political agenda. Continue Reading The EU Cybersecurity Act is (Almost) There

Although the EU General Data Protection Regulation (the “GDPR”) entered into force on 25 May 2018, and the obligations under the GDPR have since taken effect, there remain significant uncertainties as regards enforcement. In particular, the application of the GDPR’s fining provisions – arguably the key concern for companies commercially – raises several issues, Continue Reading GDPR Fines – Lessons from Competition Law

On 13 November 2018, the Court of Justice of the European Union (CJEU) ruled that the taste of a food product could not be classified as a ”work” within the meaning of Directive 2001/29/EC and that national member state legislation could not be interpreted differently (Case C-310/17). While the CJEU did not deny the copyrightability of tastes in principle, it Continue Reading Court of Justice of the EU: No Copyright Protection for the Taste of Food – For Now

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation Continue Reading Data Protection Authority Imposes First GDPR Non-Compliance Fine in Germany

On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of Continue Reading Data Protection Authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

In Germany, companies offering security-related services have to provide to the Federal Financial Supervisory Authority (Bundesanstalt für Finanzaufsicht, “BaFin”) information regarding the identity of staff responsible for, inter alia, providing investment advice (Section 87 of the German Securities Trading Act, “WpHG”). That personal data is kept in an internal BaFin database . Continue Reading German Financial Supervisory Authority May Refuse GDPR Requests for Erasure of Personal Data of Investment Advisors

On 11 October 2018, the Music Modernization Act (“MMA”) was signed into law. It effects a sweeping overhaul of the compulsory mechanical license mechanism set forth in 17 U.S.C. §115—among other significant changes. While many in the industry have been closely following the bill as it worked its way through the legislature, the following provides an overview of key terms regarding the mechanical licensing procedures under the new law that every Continue Reading The Music Modernization Act: What Licensee Services Need to Know About Its Implementation

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on Continue Reading Doctors Cannot Refuse Treatment Because Patient Refuses to Sign GDPR Information Documents

As automobiles are becoming part of the Internet of Things, “connected” technologies are increasingly deployed to enhance the safe operation of autonomous vehicles. These “intelligent” vehicles rely on an ecosystem of proprietary and third-party components to gather, analyze and react to data from both inside and outside the vehicle. In order to reduce costs, accelerate development and enhance the interoperability of connected technologies and applications, automakers Continue Reading Evaluating Open Source Software to Build a Connected Autonomous Vehicle