States have been active in passing and enacting comprehensive consumer privacy laws in the absence of a federal statute. To date, 19 states have passed such laws, starting with the California Consumer Privacy Act (“CCPA”),...more
Summary - On July 10, 2023, the European Commission issued an adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF” or “DPF”). The decision concludes that the U.S. ensures an adequate level of protection...more
On March 28, 2023, Iowa became the sixth state to pass a comprehensive consumer privacy law, joining California, Colorado, Connecticut, Utah, and Virginia. The Iowa Act Relating to Consumer Data Protection (“ICDPA”) will...more
On July 7, 2021, Colorado Governor Jared Polis signed into law S.B. 21-190, known as the Colorado Privacy Act (“CPA”). Colorado is now the third U.S. state to enact comprehensive consumer data privacy legislation, following...more
8/6/2021
/ Colorado ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Right of Access ,
State Privacy Laws
The European Commission (“EC”) has adopted a long-awaited new set of standard contractual clauses (“SCCs”) for the transfer of personal data to parties in third countries outside the European Union (“EU”) and European...more
6/18/2021
/ Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On March 2, 2021, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), making Virginia the second state, after California, to enact general data privacy legislation. The VCDPA...more
4/13/2021
/ CDPA ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Security ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Right to Delete ,
State Privacy Laws ,
Virginia
On August 14, 2020, the California Office of Administrative Law (OAL) approved the final California Consumer Privacy Act (CCPA) regulations that were submitted by the California Attorney General (AG) on June 1, 2020. The...more
Decision of the Court of Justice of the European Union - On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its judgment in the so-called “Schrems II” case. ...more
On July 12th, the European Commission gave final approval to the EU US Privacy Shield program for the transfer of personal data from the European Union to the United States by companies that voluntarily choose to participate...more
Since 2000, the EU-US Safe Harbor program has been one means by which eligible US companies could transfer personal data from the European Union (EU) to the United States in accordance with EU law regulating transfers of...more
On October 6th, the European Court of Justice (ECJ) issued its opinion in Schrems v. Data Protection Commissioner (C-362/14), a case which, among other things, challenged the validity of the European Commission’s 2000 finding...more
10/8/2015
/ Binding Corporate Rules ,
Consent ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Privacy Policy ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II