The EU’s General Data Protection Regulation went into effect with great fanfare in May 2018, along with great trepidation about the potential fines regulators might impose for violation of the regulation’s requirements. In the following months, regulators imposed relatively few fines, for relatively modest amounts. However, just in the last several days, the U.K. privacy regulator has announced the potential imposition of two massive GDPR fines, underscoring the regulation’s potential huge impact. The newly announced fines, involving British Airways and Marriott International, have a number of serious implications for other companies, for the future of GDPR enforcement, and for the significance of privacy issues generally as an area of corporate risk.
Continue Reading Massive GDPR Fines Have Serious Implications for Corporate Risk

As I have noted in prior posts, there has been in recent years a slowly developing E.U. initiative for the introduction of a rights of collective redress on a Union-wide basis. As discussed here, in April 2018, the European Commission introduced a proposal – as part of what it called a “New Deal for Consumers” – that would introduce a European collective redress right for consumers. More recently, on March 26, 2019, the EU Parliament, in plenary session, adopted the Commission’s proposal. The next step is that the Council of Europe will now take up the proposal, moving the E.U. one step closer toward the adoption of a pan-European collective redress mechanism for consumers that would be available in all of the member states.  The March 26, 2019 application on which the EU Parliament acted can be found here.
Continue Reading Proposal for E.U. Collective Redress Mechanism Advances

Frank Hülsberg
Burkhard Fassbach

In the following guest post, Frank Hülsberg, a Partner for Governance, Risk, Compliance & Technology at Warth & Klein Grant Thornton AG in Düsseldorf, and Burkhard Fassbach, a D&O-lawyer in private practice in Germany, take a look at the EU’s new Whistleblower Directive. I would like to thank Frank and Burkhard for allowing me to publish their article. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Frank and Burkhard’s article.
Continue Reading Guest Post: The European Union Whistleblower Directive: Overdue Protective Shield

Bill Boeck

As most readers undoubtedly are aware, the EU’s General Data Protection Regulation went into effect on May 25, 2018. Even though the regulation has only been in effect for a few months, regulators across Europe have already starting levying fines under the regulation’s provisions. In the following guest post, Bill Boeck takes a look at the fines that have been imposed so far and considers their implications. Bill is currently Senior Vice President and Insurance and Claims Counsel with the Lockton Companies.  He is Lockton’s global leader for cyber claims and for the development of proprietary cyber wordings and endorsements.  Bill also leads Lockton’s US financial lines claims practice. A version of this article previously was published on the Lockton Cyber Risk Update Blog. I would like to thank Bill for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: What Can the First GDPR Fines Tell Us?

If the uncertainty creates risk, then the current state of play on the United Kingdom’s efforts to withdraw from the European Union represents risk in a highly concentrated form. On November 25, 2018, the 27 EU members approved the divorce pact that the U.K. negotiated with its EU counterparts, but the pact must now face a Parliamentary vote, on December 11, 2018. In the meantime, the March 29, 2019 withdrawal date looms. These upcoming events present uncertainties at both the economic and enterprise levels. The uncertainties in turn create challenges for potentially affected companies, including among other things the challenge of communicating about these issues to investors. As discussed below, SEC Chair Jay Clayton recently emphasized that the agency is “sharpening its focus” on Brexit-related disclosures, highlighting the significance of the disclosure-related concerns.
Continue Reading Brexit Uncertainty, Disclosure Concerns, and Potential Liability

When the European Union’s updated General Data Protection Regulation (GDPR) went into effect on May 25, 2018, media reports focused on the potentially massive fines that the regulation authorizes – the regulation authorizes fines of up to €20 million or 4 percent of a company’s annual worldwide revenue, whichever is higher, for noncompliance with the regulation’s strict data collection and use requirements. The possibility of regulatory fines of this magnitude immediately raised the question of whether or not insurance is available to protect companies against the huge financial exposure. The answer to this question, it turns out, is complicated.
Continue Reading Are GDPR Fines and Penalties Insurable?

One of the most interesting global legal developments has been the rise in recent years of collective redress mechanisms outside the United States, a phenomenon on which I have commented in the context of collective investor actions. The provision for collective or representative actions has expanded in a number of other contexts as well, including in particular in the consumer context. On April 11, 2018, the European Commission introduced a proposal – as part of what it called a “New Deal for Consumers” – that would introduce a European collective redress right for consumers. This proposed collective action mechanism is subject to a number of procedural protections. Nevertheless, the proposal, if adopted, would represent a significant advance in the development of collective redress mechanisms and rights in Europe. The European Commission’s April 11, 2018 press release about the proposal can be found here.
Continue Reading European Commission Proposes Consumer Collective Redress Mechanism

eu flagIn prior posts (for example, here), I have described the rise of collective investor actions outside of the U.S. as one of the most important current developments in the world of directors and officers liability. The rise of these collective investor suits is not happening in a vacuum; the growth in the number and size of these kinds of lawsuits is part of a larger upsurge in collective actions generally. According to a recent Report, collective redress actions represent a “growing business” in Europe, and the “volume and value of the cases being filed is on a steep upward curve.”

The Report, a detailed and interesting March 2017 publication by the U.S. Chamber of Commerce Institute of Legal Reform entitled “The Growth of Collective Redress in the EU: A Survey of Developments in 10 Member States” (here) takes an anxious and uneasy look at the changes in the collective action environment in Europe, and proposes several recommendations as ways for countries to avoid abuses that the report contends have arisen elsewhere.  The Institute’s March 21, 2017 press release about the report can be found here.
Continue Reading The Steep Rise of Collective Actions in Europe

brexitThe historic June 23, 2016 vote by a majority of voters for the United Kingdom to leave the European Union has dominated the headlines and roiled financial markets around the world – and for good reason. The U.K.’s withdrawal from the E.U. will have an enormous impact on the U.K itself, on the E.U., and on the rest of the world. Many of the consequences of Brexit will only become apparent as the long process that is about to commence unfolds over the course of the next few years. But while all of the consequences of Brexit will only become fully apparent over time, many of the likely effects can be predicted or at least anticipated now.

Among other things, because the financial services sector is among the industrial segments to which E.U. regulations have most extensively been applied, the financial services sector is among the segments that will be most significantly affected. In the following post, I review some of the ways that Brexit will impact the insurance industry, and discuss the implications for the industry, as well.
Continue Reading What Does the Brexit Vote Mean for the Insurance Industry?