Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...more
Startups face unique challenges that can impact their success and sustainability. Obstacles such as financial constraints (inadequate funding or limited cash flow) and resource constraints often result in small teams having...more
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
The Commerce and Energy Committee has voted to send the American Data Privacy and Protection Act (ADPPA) to the House, but not without some changes....more
The first major consumer-focused privacy regulation in the U.S., the California Consumer Privacy Act (CCPA), came into effect on January 1st, 2020, which seems like a lifetime ago. Now it’s April 2022, and there are several...more
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
FCC Seeks Public Comment on the Current and Future Regulation of the “Internet of Things” - The FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of...more
On 10 September 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a...more
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that...more
Gerade für Juristen ist Begeisterung für und ein Verständnis von Branchen, Geschäftsmodellen und Technologien – gerade vor dem Hintergrund des Datenschutzrechts und des Gewerblichen Rechtsschutzes – unerlässlich und...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will...more
In addition to the potential uses of contact-tracing apps, discussed recently in episode 1 of the Global Solutions series, most employers now conduct some form of employee screening or monitoring to help prevent the spread of...more
General: This is not the time for strict enforcement of data protection. We are showing agility during this crisis. Work: •Information that someone is infected with coronavirus is health information. •Information that...more
Report on Supply Chain Compliance 3, no. 5 (March 5, 2020) - On Feb. 3, Facebook Inc. informed the Irish Data Protection Commission (DPC) that it would be rolling out a new dating service Feb. 14. The DPC was concerned about...more
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways: Genetic Data- Genetic analysis that includes enough...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more