Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
Bermuda, the British Virgin Islands (“BVI”) and the Cayman Islands have each introduced data protection regimes in recent years which align with global data protection standards. It is therefore increasingly important for...more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
The 2020 amendment to the Act on the Protection of Personal Information (“APPI”) stipulates that the APPI must be reviewed every three years — the time for a review has arrived. In the past, since its enactment in 2003, major...more
Introduction - Below is a brief outline of the legal regulation of personal protection in Ukraine. Governing Data Protection Legislation - 2.1. Overview of principal legislation - The main legal act governing...more
A data controller that is not a critical information infrastructure operator that cumulatively exports personal information (excluding any sensitive personal information) of less than 100,000 individuals since January 1 of...more
The early weeks of 2024 have seen continued activity on the state comprehensive privacy law front. Since our last update, at least 11 new comprehensive privacy bills have been proposed. In particular, Georgia, Hawaii,...more
On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws....more
Texas Governor Greg Abbott signed into law the Texas Data Privacy and Security Act (TDPSA) on June 18, 2023. With the passage of TDPSA, Texas becomes the tenth state to adopt a consumer data privacy law. TDPSA passed the...more
On May 11, 2023, Governor Bill Lee signed the Tennessee Information Protection Act (TIPA) into law. Tennessee now joins the rapidly increasing group of states, California, Utah, Colorado, Connecticut, Virginia, Iowa and...more
On May 19, the Montana governor signed SB 384 to enact the Consumer Data Privacy Act (CDPA) and establish a framework for controlling and processing consumer personal data in the state. Montana is now the ninth state in the...more
On May 11, 2023, Tennessee’s Governor signed Senate Bill 0073, the Tennessee Information Protection Act, making the state the eighth state to pass consumer privacy legislation. Tennessee joins California, Colorado,...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more
On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract...more
The Office of the Privacy Commissioner of Canada (OPC) recently released findings stemming from a customer complaint that Home Depot of Canada (Home Depot) had violated the Personal Information Protection and Electronic...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
Last week’s blog detailed the wave of state legislation that occurred in the U.S. during 2021. It is no surprise that there were also many data privacy developments abroad. It is crucial that organizations affected by...more
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
A recent High Court case examines the liability position where leaks or losses of personal data occur as a result of the actions of a cyber-attacker, rather than as a result of breaches or misuse by the data controller...more
Key trends are emerging out of the recently proposed CCPA “copycat” legislation across the United States, and Washington State is leading the charge for stricter data privacy legislation. Businesses should closely monitor the...more
In this issue of The Distributed Ledger, we discuss the IRS' warning letters for over 10,000 cryptocurrency holders, the SEC's settlement with a blockchain company regarding unregistered ICO transactions, and a European...more
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more