Cyber Law Watch

Insight on how cyber risk is being mitigated and managed across the globe.

1
Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?
2
Australian Privacy Law Reform – The Wait is (Almost!) Over
3
Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable
4
Privacy Reform Bill Just Around the Corner
5
Japanese Government Published Checklist and Guidance Related to AI and Copyrights
6
Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited
7
Ransomware attacks – is there harm even when nothing is stolen?
8
Australian Privacy Reform Series Refresher: What Are These Reforms?
9
Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming
10
Artificial Intelligence and the Data Conundrum

Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?

By Dr. Thomas Nietsch and Andreas Müller

On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).

Read More

Australian Privacy Law Reform – The Wait is (Almost!) Over

By: Cameron Abbott, Stephanie Mayhew, and Rob Pulham

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as ‘Tranche 1’ of the reforms, the Bill introduces significant uplifts to several aspects of Australia’s privacy laws.

Read More

Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable

By: Dr. Thomas Nietsch and Andreas Müller

On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).

Read More

Privacy Reform Bill Just Around the Corner

By: Cameron Abbott, Rob Pulham, and Lauren Hrysomallis

There appears to be a further delay to the long-anticipated privacy law reform legislation, most recently expected to be unveiled this month. But even with this delay the wait won’t be long; we could see a draft bill introduced in as little as three weeks’ time.

Read More

Japanese Government Published Checklist and Guidance Related to AI and Copyrights

By: Aiko Yamada and Yuki Sako

On 31 July 2024, the Agency for Cultural Affairs, Government of Japan (the Agency) published “Checklist and Guidance related to AI and Copyrights” (the Checklist), suggesting some ideas to resolve unsettled issues related to “Do inputs to AI infringe copyrights?” (see our previous blog “Japanese Government Identified Issues Related to AI and Copyrights”) for AI developers as described below:

Read More

Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited

By: Cameron Abbott and Rob Pulham

In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.

Ransomware attacks – is there harm even when nothing is stolen?

In November 2020, accounting and consulting firm Nexia Australia (Nexia) was alerted to a “REvil” ransomware attack taking place within its system. The attackers threatened to post personal information of Nexia’s clients, customers and staff online unless it paid a $1m ransom within 72 hours.

It was reported that the hackers appeared to have posted Nexia’s confidential files onto the dark web; however, further investigation revealed that the hackers had merely posted screenshots of Nexia’s files. Realising this, Nexia dismissed the threat and refused to pay the ransom.

But it didn’t end there.

Shortly after the attack, a news service found the Nexia file screenshots on the dark web and publicised that the company’s confidential information had been stolen and shared. Not only did Nexia have to reassure panicking clients that their confidential information remained uncompromised, it had to convince the Australian Securities and Investments Commission, the Australian Federal Police and the Privacy Commissioner that nothing of concern had been taken.

It doesn’t help that ransomware-as-a-service is becoming an increasingly lucrative business for cybercriminals to launch this type of attack. All that is needed is off-the-shelf malware, a wallet of cryptocurrency and it’s ready to deploy against an unsuspecting organisation.

The attack on Nexia demonstrates that even if there is no evidence that confidential information has been leaked, organisations can still suffer significant damage. The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.

As Warren Buffet famously quoted, “It takes 20 years to build a reputation and 5 minutes to ruin it”.  While Nexia recovered valiantly, this serves as a lesson that even when unsuccessful, the public ramifications of a ransomware attack are not to be underestimated.

Australian Privacy Reform Series Refresher: What Are These Reforms?

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

Read More

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Read More

Artificial Intelligence and the Data Conundrum

By Paul R. Haswell and Cameron Abbott

As much as artificial intelligence (AI) remains a hot topic to companies and individuals alike, there remains limited detailed regulation in place. The European Union published its Artificial Intelligence Act on 12 July 2024, but other jurisdictions have been slow or piecemeal in its regulation of AI.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.