Keypoint: Assuming the bills become law and go into effect, operators of websites and online services that collect the personal data of minors and are subject to the bills will need to undertake several compliance activities....more
Challenges may arise when conducting an internal investigation related to an underlying disclosure by a whistleblower pursuant to the EU Directive, because companies must strictly comply with the GDPR. Failure to comply with...more
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
Alla luce del recente provvedimento dell’Autorità Garante per la Protezione dei Dati Personali Francese, la Commission nationale de l'informatique et des libertés (“Garante” o “CNIL”), riportiamo di seguito un’analisi del...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
The California Privacy Protection Agency (CPPA) recently released the draft proposed CCPA Regulations and draft initial statement of reasons. Importantly, these are draft regulations that are likely to be subject to extensive...more
On June 3, 2022, Senator Wicker (R-Miss.), Ranking Member of the Senate Commerce Committee, and Representatives Pallone (D-N.J.) and Rodgers (R-Wash.), Chairman and Ranking Member of the House Energy and Commerce Committee,...more
Keypoint: The chances for the United States to finally enact a federal privacy bill appear to have increased with the circulation of a bipartisan discussion draft although its chances for passage are far from clear....more
Connecticut Passes the Fifth US State Consumer Privacy Law - The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state...more
Over the span of five months in 2021, our team published a series of articles on how to implement the five core functions of the National Institute of Standards and Technology (NIST) Privacy Framework. We wrote an initial...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
Recent U.S. IPOs of Chinese companies prompt data security concerns among government authorities, leading to a tightening of cyber regulations. Cybersecurity review will be mandatory for (i) purchase of network products and...more
On June 10, 2021, the Standing Committee of the 13th National People's Congress passed the long awaited People's Republic of China (China) Data Security Law ("DSL") after a final read of the third draft. The DSL, which takes...more
Given that the Data Security Law is one of the three fundamental data protection laws in China, the legislative process of the law has attracted much attention. In July 2020, comments were solicited for the first draft of the...more
The Italian Data Protection Authority ("DPA") has issued guidelines on data protection rules applying to COVID-19 vaccinations at the workplace. On May 13, 2021, the Italian DPA issued guidelines on data protection rules...more
Virginia Governor Ralph Northam signed the Consumer Data Protection Act (the “Act”) on March 2, 2021. The following are answers to some frequently asked questions about the Act and its impact on organizations doing business...more
Long-awaited legislation in China—the Personal Information Protection Law of the People’s Republic of China—was released for public consultation on October 21. Once passed, the law will be the first designated personal...more
The United Kingdom’s Information Commissioner’s Office (ICO) recently released a Code of Practice for Age Appropriate Design on Online Services (Code). The ICO notes that its Code reflects the “global direction” of reforms...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Why does this topic matter to organisations? The Data Protection Principles provide the conditions on which an organisation is permitted to process personal data. If an organisation cannot satisfy the Data Protection...more
Although the EU’s General Data Protection Regulation (GDPR) has been in force for more than six months, many organizations are still getting to grips with some of the practical requirements, including ensuring that their...more
NHS and social care organisations in the UK are being encouraged to take a fresh look at public cloud services given the myriad benefits of doing so. The guidance is timely given the coming into force of the GDPR in May,...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more