A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
1/31/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
UK ,
UK GDPR
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
There is more to learn from the European Data Protection Board’s recent opinion on AI models. I previously reviewed the EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
The European Data Protection Board recently issued an opinion on AI models, shedding light on what the consequences could be for the unlawful processing of personal data in the development phase of an AI model on the...more
So you have a court order from a U.S. court seeking data? In the words of Shania Twain, “That don’t impress me much!” The European Data Protection Board recently issued an opinion on cross border transfers pursuant to Art 48...more
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation: Employees are “consumers” under the California Consumer Privacy Act. It requires:...more
What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
Is California going to start policing CCPA violations like the French police GDPR violations? The California Privacy Protection Agency (CPPA) and France’s Commission Nationale de l’Informatique et des Libertés (CNIL)...more
What is profiling and what are our clients doing about it in the US and abroad?
Personal information:
•This is the analysis of information about/regarding a person.
•The definition is broad, so if it’s attributable to a...more
The U.S. Department of Labor and The White House recently released a new framework designed to protect U.S. workers from adverse consequences when artificial intelligence systems are deployed in the workplace. The framework...more
U.S. companies thinking about falling back on “disproportionate” effort for access requests under the new U.S. privacy laws because they require compiling too many documents should think again.
The Berlin Administrative...more
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...more
Are test questions and answers personal data that needs to be provided pursuant to an access request? A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws....more
The United Kingdom’s Information Commissioner’s Office recently issued guidance on how to keep employment records. This is good advise for employers beyond Europe (and particularly in California). The data retention...more
The state of Oregon has passed a comprehensive data protection law (SB0619), which will go into effect in July 2024. What do you need to know about SB0619, also known as the Oregon Consumer Privacy Act?...more
12/4/2023
/ Biometric Information ,
Data Controller ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
Do new U.S. state laws require you to do a DPIA?
Some pointers:
•Assess whether or not you have processes that require conducting a DPIA (these are situations where there is a “heightened risk” to the rights of...more
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR.
While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...more
The use of artificial intelligence by a company can be a gamechanger. But it also could impact employees and customers in ways that one doesn’t imagine. And it could be irreversible....more
Washington Governor Jay Inslee has signed the My Health, My Data Act into law.
Here are some key takeaways.
Approach to privacy: The people of Washington regard their privacy as a fundamental right and an essential...more
The GDPR journey has not been wonderful.
NOYB has 800 cases out and the enforcement process is difficult because procedural law is different in different countries....more
The Federal Trade Commission Act’s prohibition on deceptive or unfair conduct can apply if you make, sell or use a tool that is effectively designed to deceive – even if that’s not its intended or sole purpose....more
Data Privacy Day is this weekend. Here are some tips and pointers individuals and businesses should keep in mind going forward.
1. Transparency is front and center for regulators in the United States and Europe, so if...more
A new Washington State bill works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers’ health data....more
It’s six days into the new year and we already have four new comprehensive privacy bills from: New York, Kentucky, Tennessee and Oklahoma.
There are a lot of moving pieces here and you can go cross-eyed trying to comply with...more