A recent spate of successful legal challenges has provided some relief from the ever-swelling wave of state privacy laws. The legal bases of these challenges vary, but taken together, they highlight that state privacy laws –...more
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
In his State of the Union address on February 7, 2023, President Biden affirmed his position on consumer data privacy protections and specifically his focus on strengthening protections for children. With several state data...more
While speaking recently at the Nordic Privacy Arena in Sweden, I offered Nordic companies seven things they should think about when doing business in the United States. For your reading pleasure: Personal data can’t...more
On September 15, 2022 California Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act (CAADCA) AB 2273, which takes effect July 1, 2024 and intends to protect the wellbeing, data, and privacy...more
On July 28, 2022, the California Privacy Protection Agency (the “Agency”) held a special meeting (the “Meeting”) to discuss and act on the proposed federal privacy legislation, the American Data Protection and Privacy Act...more
The first major consumer-focused privacy regulation in the U.S., the California Consumer Privacy Act (CCPA), came into effect on January 1st, 2020, which seems like a lifetime ago. Now it’s April 2022, and there are several...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
Many EU companies have their own ideas on what US Privacy laws mean for the, Here are three of the more common myths out there, busted. Myth 1: I don’t have physical presence in the US so the laws don’t apply to me....more
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
The California Office of Attorney General (OAG) is responsible for enforcing the CCPA and began sending notifications of alleged non-compliance to companies on July 1, 2020. Almost a year later, in June of 2021, the OAG...more
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the National Institute of Standards and Technology's four principles of the "explainability" of artificial intelligence and the U.K. Information...more