The European Data Protection Board (EDPB) has issued a long-awaited opinion on the EU-US Data Privacy Framework.
Here are some key takeaways:
The scope of the exemptions to the adherence to the principles, including on the...more
Colorado Attorney General Phil Weiser has published revisions to the Colorado Privacy Act rules, as well as some additional questions for public feedback.
His questions include:
What are the pros and cons of using IP...more
If your website, app or game targets kids (or sort of targets kids) and you haven’t been taking your obligations under the Children’s Online Privacy Protection Act of 1998 seriously, then maybe this will be the wake-up call...more
The Federal Trade Commission has reached a settlement in the matter of CafePress.
Here are some things you should know:
Data minimization:
• Storing information indefinitely on your network without a business need creates...more
3/21/2022 / CafePress, California Privacy Rights Act (CPRA), Corporate Counsel, Cyber Incident Reporting, Data Breach, Employee Training, Encryption, EU-US Privacy Shield, Federal Trade Commission (FTC), Information Systems Security Program (ISSP), Mergers, Social Security Numbers, Third-Party, Transparency
A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe.
According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
3/22/2021 / Corporate Counsel, Cross-Border, Encryption, EU, International Data Transfers, Parent Corporation, Personal Data, Risk Assessment, Schrems I & Schrems II, Sensitive Personal Information, Third-Party
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S.
Big Picture...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
In a landmark decision in what is popularly known as the "Schrems II" case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from...more
7/21/2020 / Corporate Counsel, Court of Justice of the European Union (CJEU), Data Transfers, EU, EU-US Privacy Shield, European Data Protection Board (EDPB), FISA, General Data Protection Regulation (GDPR), Privacy Laws, SCC, U.S. Commerce Department
The United Kingdom's Information Commissioner's Office has issued guidance for employers on data protection issues related to the return to the workplace as part of the COVID-19 "new normal."
General Principles-
Legal...more
1. Yes, CCPA can apply to you even if you have no physical presence in California.
2. Yes, if you have done some GDPR compliance you are in better shape for CCPA.
3. No, your GDPR compliance work is NOT sufficient for CCPA...more
Alastair Mactaggart, the proponent of the "CCPA 2.0" ballot initiative in California, has submitted to the Office of the Attorney General a revised version of the proposed "California Privacy Rights Act" (CPRA) that he hopes...more
12/11/2019 / California Consumer Privacy Act (CCPA), Consumer Privacy Rights, Corporate Counsel, Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, Opt-Outs, Personal Information, Popular, Privacy Laws
Data minimization is coming to the United States.
The Federal Trade Commission cited failure to delete information which is no longer needed as a failure to implement reasonable protection....more
The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).
Key changes:
(1) GDPR can apply extraterritorially to some...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019 / California Consumer Privacy Act (CCPA), Corporate Counsel, Cybersecurity, Data Collection, Data Controller, Data Privacy, Data Processors, Data Protection, Data Security, EU, General Data Protection Regulation (GDPR), Personal Data, Popular
The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA...more
The Federal Trade Commission and New York Attorney General have entered into a landmark settlement with Google and YouTube for alleged violations of the Children’s Online Privacy Protection Act (COPPA) Rule....more
The United Kingdom’s Information Commissioner’s Office (ICO) has issued, for public consultation, draft guidelines for data sharing that, once adopted, will govern all controller-to-controller data sharing agreements which are...more
GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed names...more
Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries.
Of those, 94,622 were initiated by individual complaints and 64,684 due to data...more
New Jersey follows in California’s footsteps with legislative initiatives on privacy.
The main proposed law (bill A-4902) will require commercial websites and online service operators to give customers:
A description of...more