As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On September 22, the California Privacy Protection Agency (CPPA) issued an invitation for public comments as part of its first “preliminary” rulemaking activities. Established by the California Privacy Rights Act (CPRA)...more
The California Office of the Attorney General has published a list of recent CCPA enforcement examples on its website. Each example summarizes the AG’s allegation of noncompliance and the steps that the companies took to...more
The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Colorado Governor Jared Polis signed the bill (SB 21-190) into...more
Last year’s voter guide to California Proposition 24, the California Privacy Rights Act (CPRA), included a stark argument against enacting the privacy ballot initiative because it did not go far enough to protect employee...more
6/21/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Hiring & Firing ,
Job Applicants ,
Personal Information ,
Popular
The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Assuming Colorado Governor Jared Polis signs the bill (SB 21-190)...more
Just a few months after California officials announced the nominations of the inaugural Board members of the California Privacy Protection Agency (“CalPPA”), the CalPPA released the agenda for its first board meeting on June...more
The California Privacy Rights Act (CPRA), effective January 1, 2023, adds “contractors” to the list of entities that a business may entrust with customer data. So what is a “contractor?” And how are “contractors” different...more
As we move deeper into the second year of CCPA litigation, the substantive issues continue to develop and we remain focused on the patterns and implications of recent filings and rulings. In this post, we highlight notable...more
California officials today announced their nominees to be the five inaugural members of the California Privacy Protection Agency (“CPPA”) Board. Created by the California Privacy Rights Act (“CPRA”), the CPPA will become a...more
On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.
With the VCDPA on the books, companies have...more
In the absence of comprehensive federal privacy law, states are following California’s lead and proposing their own privacy bills. This blog post provides an overview of three state bills that we are tracking closely in this...more
It has been a full year since the California Consumer Privacy Act (“CCPA”) took effect at the top of 2020. In the cases filed in the second half of the year, the complaints more frequently assert a violation of the CCPA as a...more
1/25/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Private Right of Action
Private consumer litigation in 2020 was significantly impacted by the California Consumer Privacy Act (CCPA) which took effect on January 1, 2020. Whether asserted as a standalone CCPA violation claim or as a predicate act...more
The California Attorney General’s office announced a fourth set of proposed modifications to the CCPA regulations. These modifications: (1) clarify the requirement for businesses that sell personal information that is...more
On Tuesday, November 3, 2020, California voters passed ballot Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”). Also known as CCPA 2.0, CPRA brings a number of changes to the CCPA, the majority of which will...more
California became the first U.S. state with a comprehensive consumer privacy law when the California Consumer Privacy Act (“CCPA”) became operative on January 1, 2020. The CCPA provides for broad privacy rights for residents...more
11/2/2020
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Proposed Rules ,
Public Disclosure ,
Regulation S-K ,
Securities and Exchange Commission (SEC) ,
Shareholder Litigation ,
Shareholders
Only two months after finalizing the CCPA regulations, the California Attorney General’s office today released a new set of proposed changes, most significantly addressing “Do Not Sell My Personal Information” requests. The...more
Prior to the September 30 deadline to sign or veto legislation, California Governor Gavin Newsom recently took action on three bills related to data privacy. Bringing some potential certainty to the dynamic CCPA landscape,...more
On Tuesday, the New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, Inc. over allegations that the company failed to adequately respond to years of cyberattacks that compromised customers’...more
On August 30th, the California legislature passed a bill to continue the employee and business-to-business (B2B) exemptions contained in the CCPA for another year. Currently, the CCPA provides two limited exemptions for...more
The California Office of Administrative Law today approved the CCPA Regulations that the California Attorney General submitted in June, and the regulations are effective immediately. As we discussed here, the now-final...more
On July 22, the New York Department of Financial Services (DFS) announced the first enforcement action under its new Cybersecurity Regulation, which requires that businesses registered or licensed by DFS comply with a number...more
January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA). As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes...more
On July 16, the European Court of Justice (CJEU) issued a highly-anticipated decision evaluating the validity of two popular mechanisms for transferring personal data from the EU to the United States: Privacy Shield and...more