Today, the European Commission published finalized versions of new Standard Contractual Clauses (SCCs). The Commission has published two sets of clauses: A set of SCCs to be used in controller-to-processor situations in conjunction with Art. 28 GDPR “data processor” terms applicable to such situations. A more general set of modular SCCs that can be used […]
Uncategorized
The Supreme Court Narrows The Scope of The Computer Fraud and Abuse Act
Today, the Supreme Court issued a long-awaited decision in Van Buren v. United States interpreting the meaning of “exceeds authorized access” under the Computer Fraud and Abuse Act (“CFAA”). The 6-3 majority, led by Justice Barrett and joined by Justices Breyer, Sotomayor, Kagan, Gorsuch, and Kavanaugh, rejected the Government’s broad definition of this phrase. While […]
U.S. Takes Unprecedented Action to Disrupt State-Sponsored Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
On April 13, 2021, a federal district court granted a motion to partially unseal an FBI application and search warrant following the successful conclusion of an FBI operation to eradicate malicious web shells placed on U.S.-based computers by Chinese state-sponsored actors. The FBI’s use of credentialed, remote access techniques to access, copy, and remove malware […]
Virginia Becomes First State with Comprehensive Privacy Law after CCPA
Yesterday, Virginia became the second state after California to pass a comprehensive privacy law when Governor Ralph Northam signed the Consumer Data Protection Act (CDPA). The CDPA contains many elements found in the California Consumer Privacy Act (CCPA) and other proposed privacy frameworks, as well as a number of new requirements for businesses. Please see […]
The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways
When a controller engages a processor, the GDPR requires that the parties enter into a specific contract that contains certain mandatory provisions. This contract is often referred to as a ‘data processing agreement’ or ‘DPA’. To facilitate compliance with this requirement, the GDPR has provided the European Commission with the power to issue standard contractual […]