Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
3/19/2019
/ Corporate Counsel ,
Data Protection ,
Data Protection Authority ,
EU-US Privacy Shield ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Policy ,
Swiss Privacy Shield ,
UK Brexit ,
Withdrawal Agreement
Were the Beatles still recording today, they might have to add this verse to Taxman. As what will surely be the opening salvo in government efforts to find ways to recapture the value of the personal data upon which so much...more
Canada now follows the US trend to require reporting of personal data exposures. Beginning November 1, 2018, a change in the law will require companies subject to Canada’s federal data protection laws to report data breaches...more
Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative...more
8/16/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). CCPA, unlike any other law, requires companies to honor specific privacy rights of California consumers granted under CCPA....more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Laws ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
6 Months To Go The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees...more
11/30/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
7 Months To Go -
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or...more
11/1/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor...more
10/27/2017
/ Contract Amendments ,
Cybersecurity ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
Personal Data ,
Third-Party Service Provider ,
Vendors ,
Written Consent
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
A consumer’s television or computer may be emitting silent signals that her smartphone can hear, recognize and answer back, but the consumer can’t sense them at all. These signals are telling retailers about their customer’s...more
5/25/2017
/ App Developers ,
Cross-Device ,
Data Security ,
Federal Trade Commission (FTC) ,
Notice Requirements ,
Personal Data ,
Privacy Policy ,
Retailers ,
Transparency ,
Warning Letters ,
Web Tracking
U.S companies are expected to explain how consumers are being tracked across devices, so that the company knows a consumer accessing its website from smartphone, tablet, television, laptop or other devices. Until now, U.S....more
A hotel is a personal place, even if you share it with thousands of other people. The very obscurity in a crowd can make you feel anonymous, and the private living space allows for the most private of conversations and...more
9/30/2016
/ Big Data ,
Cell Phones ,
Data Breach ,
FCC ,
Hilton ,
Hospitality Industry ,
Hotels ,
Hyatt ,
International Travel ,
Invasion of Privacy ,
iPhone Tracking ,
Malware ,
Marriott ,
No-Blocking Rules ,
Personal Data ,
Surveillance ,
Web Tracking ,
Wifi
After months of uncertainty, the U.S. again has a framework of rules to follow that will govern U.S. business’ use of EU residents’ data. The European Commission approved the text of the EU-U.S. Privacy Shield (the “Privacy...more
7/14/2016
/ EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ombudsman ,
Opt-Outs ,
Personal Data ,
Schrems I & Schrems II ,
Surveillance ,
Third-Party Agents ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
European privacy law is a bold new world for U.S. businesses doing business in Europe. An October Court of Justice ruling struck down the Safe Harbor arrangement which had governed E.U.-U.S. data transfer transactions for...more
6/8/2016
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
International Data Transfers ,
Personal Data ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The U.S. and EU are one step closer to implementing the new EU-U.S. Privacy Shield. On March 1, 2016, the European Commission and U.S. Department of Commerce announced the release of the legal texts that will put in place...more
The U.S. and E.U. are one step closer to entering into a new data transfer agreement. On February 24, 2016, President Barack Obama signed into legislation the Judicial Redress Act, giving citizens of certain allied countries,...more
We leave breadcrumbs of biometric information scattered around our daily lives, which may be collected and used by private entities, often without our knowledge or consent. The sound of your voice when you call your bank’s...more
10/26/2015
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consent ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Driver's Licenses ,
FERPA ,
New Legislation ,
Parental Consent ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Shutterfly ,
Social Networks ,
Students
A major European court has just pulled the rug out from under nearly 5,000 US companies, snatching away the relative business certainty of the Data Transfer Safe Harbor, and maybe the safety of standard contract clauses and...more
10/7/2015
/ Binding Corporate Rules ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
SCC ,
Surveillance ,
US-EU Safe Harbor Framework