Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
On April 8, the National Security Division of the U.S. Department of Justice’s (DOJ) new rule on cross-border data transfers takes effect. It restricts U.S. businesses from transferring certain bulk sensitive personal data to...more
On 14 November, and after many years of negotiations, Chile adopted a new Data Protection Act (la Ley que regula la protección y el tratamiento de los datos personales y crea la Agencia de protección de datos personales)....more
Four years after the Brazilian General Data Protection Law (LGPD) came into force, Brazil’s Superior Court of Justice (STJ) recently issued a list of precedents exploring how the court applied the law and addressed the...more
The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
The final weeks for many state legislatures have witnessed significant movements in the U.S. data privacy landscape. Last month, Nebraska Governor Jim Pillen signed the Data Privacy Act, LB1074, into law....more
A data controller that is not a critical information infrastructure operator that cumulatively exports personal information (excluding any sensitive personal information) of less than 100,000 individuals since January 1 of...more
On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill No. 332, “An Act concerning online services, consumers, and personal data” (“SB 332”). New Jersey is the fourteenth state to pass a...more
On May 19, 2023, Montana officially became the ninth state to approve a state-level consumer data privacy law, joining the trend of states opting not to wait for a federal privacy law to mandate the protection of its...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
On May 19, the Montana governor signed SB 384 to enact the Consumer Data Privacy Act (CDPA) and establish a framework for controlling and processing consumer personal data in the state. Montana is now the ninth state in the...more
On May 11, the Tennessee governor signed HB 1181 to enact the Tennessee Information Protection Act (TIPA) and establish a framework for controlling and processing consumers’ personal data in the state...more
The decision of the UK Supreme Court in Lloyd v Google is a welcome relief for data controllers. However, is it the end of class actions for data breach?...more
On 13 October 2021, almost two years after the adoption of a bill on data protection, Rwanda's first data protection legislation, Law No. 058/2021 Relating to the Protection of Personal Data and Privacy ("Data Protection Law"...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
Colorado’s Governor Jared Polis signed the Colorado Privacy Act last week, making Colorado the third state to implement broad consumer data privacy protections. The Colorado Privacy Act (CPA), which Governor Polis signed on...more
In certain cases, the General Data Protection Regulation (GDPR) requires entities that experience a personal data breach to provide notice of the incident to relevant national supervisory authorities and the individuals whose...more
Rarely do Virginia and California fall into the same camp on legislation, but that may change with Virginia’s Consumer Data Privacy Act (the “Act”). The Virginia House of Delegates overwhelmingly passed the Act on January...more
Virginia seemingly came out of nowhere on the consumer privacy front and now appears to be just days away from becoming the second state in the nation, behind California, to pass comprehensive consumer privacy legislation....more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”)...more
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
The Information Commissioner's Office (ICO) has issued a statement confirming that data protection will not stop the need for businesses to share information quickly, or adapt the way they work to face the unprecedented...more
The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles. Key takeaways: The Relevant Players- Non exhaustive list of stakeholders: vehicle...more