On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
1/23/2024
/ Amended Legislation ,
Canada ,
Compliance ,
Consent ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
PIPEDA ,
Privacy Laws ,
Reporting Requirements ,
Transparency
After much anticipation by organisations both in and out of the PRC, the new standard contractual clauses have been issued by the Chinese regulatory authorities as a means to permission the cross-border transfer of personal...more
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
9/19/2022
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Data Selling ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Search Engines ,
State Privacy Laws ,
Targeted Digital Advertising
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
1/21/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Covered Entities ,
Data Collection ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Personal Information ,
Prior Express Consent ,
Proposed Legislation
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”),...more
On November 3, 2020, the state of California voted to pass Proposition 24, also known as The California Privacy Rights and Enforcement Act of 2020 (“CPRA”). As a result of this vote, businesses dealing with personal...more
11/6/2020
/ Administrative Agencies ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Employees ,
Enforcement Authority ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Governor Newsom ,
Job Applicants ,
New Legislation ,
Personal Information
Given the recent updates to CCPA, and the possible approval of California Privacy Rights Act (CPRA) which is on the November 3 ballot, it is increasingly likely that personal information collected in the course of clinical...more
The CCPA defines both “aggregate consumer information” and “deidentified information.” Aggregate consumer information is defined to mean “information that relates to a group or category of consumers, from which individual...more
No.
By its terms, the definition of personal information excludes aggregated or de-identified information....more
Not necessarily.
As an initial matter, employees that are residents of California will not qualify as full “consumers” under the law until January 1, 2021....more
When the CCPA was enacted last year, BCLP published a Practical Guide to help companies reduce the requirements of the Act into practice. Following publication of the Guide, we wrote a series of articles that addressed...more
3/11/2020
/ Advertising ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Opt-Outs ,
Personal Information ,
Private Right of Action ,
Statutory Penalties ,
Websites
The CCPA only applies to personal information about “consumers,” a term which is defined as “a natural person who is a California resident.” As corporations or other legal entities are not people, the CCPA does not apply to...more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Lottery ,
Online Advertisements ,
Personal Information ,
Sweepstakes ,
UK ,
Websites
No.
The requirement to disclose “sales” of “personal information” to consumers is derived from the California Consumer Privacy Act (the “CCPA”), not European data privacy law....more
Generally speaking, cookies simply are data files saved to a user’s computer. Certain cookies may qualify as “personal information” under the CCPA, since the CCPA defines “unique personal identifiers,” to include “cookies”...more