Colorado Attorney General Phil Weiser has published revisions to the Colorado Privacy Act rules, as well as some additional questions for public feedback.
His questions include:
What are the pros and cons of using IP...more
The United States is adequate, at least according to a draft opinion on the EU-U.S. Data Privacy Framework. Here is a look at what the opinion says, and what U.S. companies involved in EU-U.S. transfers should be doing now....more
You need a data retention plan. No really.
And not just in the European Union. In California too.
Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more
For deidentification under the traditional laws like HIPAA, removal of identifiers qualifies.
That was a key facet of what I discussed last week on an anonymization panel during the IAPP Europe Data Protection Congress...more
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...more
What do you need to know about the changes in the new, new, new, new, new CPRA Regs?
1. your good faith efforts to comply count
2. data minimization (reasonably necessary and proportionate) for the win, in almost any...more
Colorado has released draft rules to supplement the Colorado Privacy Act, which was enacted in July 2021.
Generally, the rules reflect the obligations that were expected from the use of language similar to that in the...more
While speaking recently at the Nordic Privacy Arena in Sweden, I offered Nordic companies seven things they should think about when doing business in the United States.
For your reading pleasure: Personal data can’t...more
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
The FTC launched a detailed notice of proposed rulemaking on August 11, 2022 regarding commercial surveillance and data security. The commission also released a fact sheet on commercial surveillance....more
The Commerce and Energy Committee has voted to send the American Data Privacy and Protection Act (ADPPA) to the House, but not without some changes....more
If you are dealing with sensitive information of any kind (yes, this includes precise geolocation, ethnicity, sexual orientation, etc.), but especially health information (and yes, reproductive health information too), do...more
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...more
During a recent webinar hosted by The Chicago Bar Association, some other panelists and I made some predictions about the future of data privacy.
What is on the horizon?...more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
What can we learn about disclosures and how to draft privacy notices from the Sweden IMY decision and why is it important for both GDPR companies and CPRA, CDPA, CPA and UCPA companies:...
Here are five things you should know about Google Analytics, transfers and Schrems II.
1. Down to Middle Earth We Go
Brush up on your J.R.R. Tolkien because Datatilsynet, in its new guidance on cloud providers, says you...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
Many EU companies have their own ideas on what US Privacy laws mean for them. Here are three of the more common myths out there, busted.
Myth 1:
I don’t have physical presence in the US so the laws don’t apply to me....more
The supplemental measures adopted by Google to regulate data transfers within the framework of the Google Analytics functionality are not sufficient to exclude the possibility of access by American intelligence services to...more
For vehicle data, GDPR is just the beginning, the German Brandenburg regional government said in a Q&A. Stay tuned for the Data Governance Act.
Here are some key points:
• Vehicle manufacturers have to observe GDPR when...more
The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021...more
12/30/2021 / Consent, Cookies, Data Protection, Data Storage, Data Transfers, EU, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Germany, Internet of Things, Opt-Outs, Popular, Telecommunications