Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...more
What does the summary judgment granted to Linkedin in the famous Linkedin-HiQ Labs case teach us about data scraping in the US?
Here are some of my thoughts on what the U.S. District Court for the Northern District of...more
What do you need to know about the changes in the new, new, new, new, new CPRA Regs?
1.your good faith efforts to comply count-
2.data minimization (reasonably necessary and proportionate) for the win, in almost any...more
During its 44th Annual meeting in Istanbul, the Global Privacy Assembly (GPA) voted to admit the California Privacy Protection Agency (CPPA) as a full voting member....more
Sixth in a series of articles on the Colorado Privacy Act draft rules.
There is a lot to know about Colorado’s draft rules regarding the Colorado Privacy Act, which was enacted in July 2021.
This alert takes a look at...more
“When a consumer permits their private data to be used by a company for a specific purpose, it is not a free pass for a firm to exploit the data for other uses, no matter what the legal mouse-print may say,” Rohit Chopra, the...more
If you are using dashcams to monitor employees and customers, you need to be careful.
A recent finding from the Office of the Privacy Commissioner of Canada offers good guidance, not only for companies operating in the...more
Colorado has released draft rules to supplement the Colorado Privacy Act, which was enacted in July 2021.
Generally, the rules reflect the obligations that were expected from the use of language similar to that in the...more
If you are recording or transcribing real time exchanges of communications, like in a chat or text messages, and keep transcripts of the chats without permission, you may be in violation of your state’s wiretap statutes....more
The California Privacy Rights Act is coming. Soon. For real.
To help employers get ready, I recently joined the “Your Bytes = Your Rights” podcast to discuss the changes coming in January 2023 to employee privacy laws,...more
While speaking recently at the Nordic Privacy Arena in Sweden, I offered Nordic companies seven things they should think about when doing business in the United States.
For your reading pleasure: Personal data can’t...more
Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
In letter to hospital CEO’s, California Attorney General Rob Bonta asked how healthcare facilities and other providers were addressing racial and ethnic disparities in commercial decision-making tools and algorithms....more
In public comments during the Federal Trade Commission’s (FTC) data privacy rulemaking open forum, a senior U.S. Chamber of Commerce came out against the agency making broad rules on data privacy....more
Yes, your privacy notice does need to be “that good.” If it isn’t, the California Attorney General’s Office might come knocking.
Here are some key points from the AG’s second year enforcement report:...more
Federal Trade Commission Commissioner Alvaro Bedoya wants companies that collect location information to take a hard look at their practices and what they can do to better protect their users....more
The FTC launched a detailed notice of proposed rulemaking on August 11, 2022 regarding commercial surveillance and data security. The commission also released a fact sheet on commercial surveillance....more
Digital marketing firms that help financial companies design and place online ad campaigns are service providers for the purpose of the Consumer Financial Protection Act of 2010, the Consumer Financial Protection Bureau said...more
The Commerce and Energy Committee has voted to send the American Data Privacy and Protection Act (ADPPA) to the House, but not without some changes....more
The proposed American Data Privacy and Protection Act is getting a facelift.
Here are some key changes:
Disclosure and consent:
•Disclosure for getting affirmative consent can be procured either through the primary...more
Let’s review:
•Health information is sensitive. • Sharing it with third parties for advertising is more sensitive.
•Doing it behind a log-in where there is no expectation of such tracking? ...more
Congresswoman Anna Eshoo (D-CA) voted against American Data Privacy and Protection Act (ADPPA), citing preemption of California law and a concern about reproductive privacy health in the wake of Dobbs....more
If you are dealing with sensitive information of any kind (yes, this includes precise geolocation, ethnicity, sexual orientation, etc), but especially health information (and yes, reproductive health information too), do...more