On July 10, 2023, the European Commission (the “Commission”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”).
The Framework provides companies that opt in with a legitimate means of...more
7/14/2023
/ Cross-Border ,
Cybersecurity ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
US-EU Safe Harbor Framework
The European Union’s (“EU”) Data Protection Commission (the “Commission”) recently fined Meta Ireland $1.3 billion (or €1.2 billion) for improper data transfers from the European Economic Area (“EEA”) to the United States in...more
Texas will soon join the growing list of states that have passed comprehensive data privacy legislation. House Bill 4, the Texas Data Privacy and Security Act (“TDPSA” or the “Act”), has a broad reach and will apply to all...more
6/1/2023
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Processors ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Proposed Legislation ,
State Labor Laws ,
Texas
On November 18, 2021, the European Data Protection Board (“EDPB”) issued guidelines on the interplay between provisions in the General Data Protection Regulation (“GDPR”) governing scope and applicability and those governing...more
Colorado is set to become the third U.S. state to pass comprehensive data privacy legislation. Following a number of revisions, Senate Bill 190, also referred to as the Colorado Privacy Act (“CPA”), passed the Colorado House...more
On June 4, 2021, the European Commission announced the definitive adoption and publication of revamped Standard Contractual Clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the EU General Data...more
6/7/2021
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Update: The VCDPA was signed into law by Governor Ralph Northam without amendment on March 2, 2021. The VCDPA will become operative on January 1, 2023, and businesses should remain mindful of pending legislation in states...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Information Practice Principles ,
General Data Protection Regulation (GDPR) ,
Governor Northam ,
Gramm-Leach-Blilely Act ,
Personal Data ,
Right To Appeal ,
State Attorneys General ,
State Data Privacy Laws ,
Virginia
Virginia is set to become the second U.S. state to pass comprehensive data privacy legislation. Senate Bill 1392, called the Consumer Data Protection Act (“VCDPA” or the “Act”), passed the Virginia Senate by a vote of 39-0 on...more
On December 24, 2020, the European Commission and the United Kingdom reached an agreement in principle on the long-awaited Trade and Cooperation Agreement (the “Trade Agreement”). For now, transfers of personal data from the...more
On October 6, 2020, the Court of Justice of the European Union (the “Court”) ruled that principles of EU law prevent Member States from requiring a provider of electronic communications services to indiscriminately retain...more
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) announced their decision in case C-311/18, better known as Schrems II. Late last year, the Advocate General issued a nonbinding opinion declaring the use...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Safe Harbors ,
SCC ,
Schrems I & Schrems II ,
UK