What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
What is profiling and what are our clients doing about it in the US and abroad?
Personal information:
•This is the analysis of information about/regarding a person.
•The definition is broad, so if it’s attributable to a...more
The United Kingdom’s Information Commissioner’s Office has issued guidance on the accuracy of artificial intelligence Some key points:
•For generative AI models, both developers and deployers must consider the impact that...more
India enacted its new Digital Personal Data Protection Act last year. Here are some key takeaways regarding the law, courtesy of Sajai Singh, a partner at J. Sagar Associates in India. Singh spoke recently at Alpine Privacy...more
The White House recently issued an executive order that restricts cross-border transfers of personal data from the United States to “countries of concern.” President Biden also urged Congress to pass comprehensive privacy...more
2/29/2024
/ Biden Administration ,
Cybersecurity ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Department of Veterans Affairs ,
Executive Orders ,
Sensitive Personal Information ,
US Department of State
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...more
The Federal Trade Commission recently published a blog post regarding the privacy of DNA. What do you need to know?
•Protecting biometric information – including genetic data – is a top FTC priority. (See FTC Biometric...more
The state of Oregon has passed a comprehensive data protection law (SB0619), which will go into effect in July 2024. What do you need to know about SB0619, also known as the Oregon Consumer Privacy Act?...more
12/4/2023
/ Biometric Information ,
Data Controller ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
Providers in the mobility space take note. The Estonian Data Protection Inspectorate, Andmekaitse Inspektsioon, conducted a short term vehicle rental sweep that could be important in light of a declared connected vehicle...more
In a joint resolution, the California legislature affirmed that both the California Assembly and Senate are commitment to President Joe Biden’s vision for safe artificial intelligence.
Specifically, they expressed support...more
The National Institute of Standards and Technology (NIST)’s National Artificial Intelligence Advisory Committee (NAIAC) recently released its first report to President Joe Biden, providing several key recommendations on how...more
Do new U.S. state laws require you to do a DPIA?
Some pointers:
•Assess whether or not you have processes that require conducting a DPIA (these are situations where there is a “heightened risk” to the rights of...more
The European Parliament has voted against a U.S. adequacy decision under the proposed EU-U.S. Data Privacy Framework.
Why?
•Bulk collection: The framework still allows for bulk collection of personal data in certain cases...more
The UK’s Information Commissioner’s Office has issued guidance on the scope of age appropriate design code, and they want public comment. This is very important for companies subject to the already passed California Age...more
The European Data Protection Board (EDPB) has issued a long-awaited opinion on the EU-US Data Privacy Framework.
Here are some key takeaways:
The scope of the exemptions to the adherence to the principles, including on the...more
“The times they are a-changin’,” Bob Dylan sang almost 60 years ago. And when it comes to consumers’ reasonable expectations of privacy, they are still a-changin.
I recently participated in a panel hosted by Usercentrics...more
The California Privacy Protection Agency (CPPA) has issued a Final Statement of Reasons for amended California Consumer Privacy (CCPA) regulations.
Key Points:
The amendments were “necessary” (used 135 times), just...more
The Virginia legislature is considering looking at amending the state’s Consumer Data Protection Act to expand protections related to children’s data. Some key points in the bill:
•Child defined as under 18, not 13-...more
The European Data Protection Supervisor (EDPS) has submitted comments to FTC Rulemaking on commercial surveillance.
Here are some key takeaways.
IOT devices:
•It is important that data from the Internet of Things are...more
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more
During its 44th Annual meeting in Istanbul, the Global Privacy Assembly (GPA) voted to admit the California Privacy Protection Agency (CPPA) as a full voting member....more
Colorado has released draft rules to supplement the Colorado Privacy Act, which was enacted in July 2021.
Generally, the rules reflect the obligations that were expected from the use of language similar to that in the...more
Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II
Singapore Personal Data Protection Commission (PDPC) has published a guide on data protection in the blockchain.
Some key points:
Permissionless blockchain:
•Any personal data published in-clear is a form of public...more
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...more