On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act). It is considered to be the world’s first comprehensive horizontal legal framework for AI. It provides for EU-wide rules on data...more
3/15/2024
/ Artificial Intelligence ,
EU ,
European Commission ,
European Parliament ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Member State ,
New Legislation ,
OECD ,
Risk Assessment ,
Technology Sector
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Member State ,
Norway ,
Personal Data ,
U.S. Commerce Department
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy
On March 18th, 2022, Sri Lanka enacted the Personal Data Protection Act, No. 9 of 2022 (the “Act” or “PDPA”) thereby becoming the first South Asian country to enact comprehensive data protection legislation. The law is...more
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators.
On February 10, 2022, the French Data...more
2/16/2022
/ Analytics ,
CNIL ,
Corporate Counsel ,
Data Protection Authority ,
Facebook ,
FISA ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
Last week, the Belgian Data Protection Authority ruled that the IAB’s cookie consent framework violated the GDPR. This decision has tremendous potential implications on the ad tech industry, as both publishers and advertisers...more
2/8/2022
/ Adtech ,
Advertising ,
Belgium ,
Consent ,
Cookies ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Publishers
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act (CDPA) on February 3. An...more
In the wake of COVID-19, businesses have a host of health regulations and recommendations to consider before they resume in-person activity. Some employers plan to screen for symptoms, including regular thermal testing (or...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems).
In its decision, the Court (1) struck down the Privacy Shield program that...more
As state legislatures begin their 2020 sessions, proposals for stronger privacy laws are at the top of the agenda across the country. Carrying forward the story we told in reports in February, April, and July of last year,...more
2/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Data Privacy Laws
The automobile industry has been racing full speed ahead in recent years on its quest for increased connectivity and automation, but it may soon find itself swept up in the wave of privacy and data security laws and...more
1/3/2020
/ Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
Connected Cars ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Manufacturers ,
Personal Information ,
Popular ,
Risk Management