On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more
Maryland’s governor recently signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland one of six states—along with Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island—to pass a comprehensive...more
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
On January 16, 2024, New Jersey’s Governor signed Senate Bill (SB) 332, which establishes a consumer data privacy law for the state. New Jersey becomes the 13th state to pass a consumer data consumer privacy law. The law...more
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data...more
10/2/2023
/ Data Privacy ,
DPA ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Swiss Privacy Shield ,
UK
On March 28, 2023, Iowa’s Governor signed Iowa’s new statute relating to consumer data protection. Iowa joins California, Colorado, Connecticut, Utah, and Virginia in the ever-growing patchwork of consumer privacy laws across...more
The EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an...more
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that...more
Record retention and records management policies are key elements for a company’s data protection program. Numerous recently enacted, or amended, data protection laws adopt data retention or storage limitation principles to...more
Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the...more
7/28/2020
/ BCRs ,
Cloud Service Providers (CSPs) ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Employee Privacy Rights ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
US-EU Safe Harbor Framework
The EU-U.S. Privacy Shield program is invalid, the Court of Justice of the European Union (CJEU) declared on July 16, 2020, in the matter of Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems...more
As businesses prepare for the effective date of the California Consumer Privacy Act, many are conducting data mapping to identify the personal information they collect, who it belongs to, how they use it, with whom they share...more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to...more
With the continuing parade of high profile data security breaches, the concern U.S. organizations have about the security of their systems and data has been steadily growing. And rightly so. Almost every organization...more
If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most...more