The European Data Protection Board (EDPB) recently announced the launch of its 2025 Coordinated Enforcement Framework (CEF) action, which will focus on the right to erasure, also known as the “right to be forgotten,” or, in...more
Bill C-27, the Digital Charter Implementation Act, proposes new legislation that will significantly impact the Canadian privacy law landscape. The omnibus bill – which is a second reiteration of the former Bill C-11 (which...more
The Indiana Legislature is poised to pass Senate Bill 5, a comprehensive privacy statute (the “Act”), and send it on to the Governor. Once signed, the Act will become operative on January 1, 2026, and make Indiana the seventh...more
A new Washington State bill works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers’ health data....more
The California Privacy Rights Act will go into full effect on January 1. The CPRA is commonly referred to as a “new” act, but is actually an add-on/modification to the California Consumer Privacy Act of 2018, which has been...more
If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023. The...more
Most privacy laws derive from the same core foundational principles, namely the Fair Information Practice Principles (FIPPs). This includes the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of...more
On November 3, 2020, California voters approved Proposition 24, a ballot initiative which enacted the California Privacy Rights Act (“CPRA”). The CPRA amends the California Consumer Privacy Act (“CCPA”), the most sweeping...more
Colorado became the third state to enact comprehensive data privacy legislation when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on July 8, 2021. The CPA shares similarities with its stateside predecessors, the...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority. ...more
Keypoint: The Colorado Privacy Act passed unanimously out of committee last week but not before lawmakers revised many of its pro-consumer provisions to pro-business. On May 5, 2021, the Colorado Senate Business, Labor &...more
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S. Big Picture Takeaways:...more
As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more
Shook Weighs in on Updated CCPA Regulations - In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
Likely, yes. A consumer’s right to deletion is subject to a number of exceptions. One of these exceptions is to “comply with a legal obligation.”...more
In the last two years, businesses have been catapulted into a dizzying new world, with privacy expectations and requirements that were unheard of just two years ago. ...more
With the enactment of the European General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act ("CCPA”), the restaurant and food service industry has been forced to cope with a shifting privacy...more
Washington State is already shaping up as a center of state privacy legislation for 2020. Last year, SB 5376 (also known as the Washington Privacy Act, or WPA) gained significant traction in the legislature, passing the...more
On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
The California Consumer Privacy Act (CCPA), which we discussed last year, goes into effect on January 1, 2020. Its record-keeping requirements become effective on July 1, 2019. If your small- or medium-size business is based...more
The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it shares many concepts and compliance obligations with the EU General Data Protection...more
Santa’s practice of monitoring behavior of children across the globe has been publically disclosed for decades, but the recent implementation of the EU General Data Protection Regulation (GDPR) and enactment of the California...more
As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation...more
The California legislature unanimously approved and California Governor Jerry Brown signed into law the California Consumer Privacy Act of 2018 (CCPA) on June 28, 2018. The CCPA is arguably the most far-reaching data...more
With California enacting a sweeping new data privacy law on June 28, now is the time for companies to review and adjust to how the California Consumer Privacy Act will impact their business. The act, which has broad...more