Ohio House Bill 345, also known as The Ohio Personal Privacy Act, was introduced at the end of 2023 and is currently being considered in committee. The bill establishes requirements related to the collection, processing, and...more
Keypoint: Assuming the bills become law and go into effect, operators of websites and online services that collect the personal data of minors and are subject to the bills will need to undertake several compliance activities....more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
On August 9, 2023, India passed a data protection law that will govern how entities who process users’ personal data. The Digital Personal Data Protection Act (“the Act”) will establish guardrails for how organizations should...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
2023 continues to be a busy year for European data protection authorities. Following its release of the Irish Data Protection Commission’s (DPC’s) binding decisions in cases against Facebook and Instagram, the European Data...more
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
Keypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences. On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act...more
Virginia Governor Ralph Northam signed the Consumer Data Protection Act (the “Act”) on March 2, 2021. The following are answers to some frequently asked questions about the Act and its impact on organizations doing business...more
Consumers are more aware than ever of data privacy and security issues. As technology develops, vast quantities of data are collected on individuals every minute of every day. Customers trust their institutions to keep the...more
To help its business customers with CCPA compliance efforts, Facebook has implemented the “Limited Data Use” feature which restricts how Facebook uses personal information of California individuals that it collects or...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
A little more than six months ago, we addressed the challenges businesses faced in complying with CCPA when it came to their use of third-party adtech such as pixels, beacons and trackers. In line with the evolving nature of...more
Clinical trials have become increasingly important for pharmaceutical companies and medical device manufacturers, which are focused on collecting as much data as possible on products and devices and their adverse effects. All...more
The EDPB’s new Guidelines on Article 6(1)(b) may severely limit e-commerce business’ ability to enhance data processing by unilaterally defining contractual services....more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
Recent legislative hearings in the United States and Europe have focused on the means by which large third-party data collectors track individuals via websites. Regulators have paid comparatively little attention to the...more
Although the EU’s General Data Protection Regulation (GDPR) has been in force for more than six months, many organizations are still getting to grips with some of the practical requirements, including ensuring that their...more
NHS and social care organisations in the UK are being encouraged to take a fresh look at public cloud services given the myriad benefits of doing so. The guidance is timely given the coming into force of the GDPR in May,...more
Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance. The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European...more
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more