Kilpatrick’s John Brigagliano recently spoke at the Association of Corporate Counsel (ACC) DFW Annual In-House Symposium in Frisco, Texas. John spoke on the topic of “Privacy in a Flash: Keeping Up with Rapid Changes in State...more
Starting January 2025, five state privacy laws will take effect, providing consumer privacy rights to a new swath of individuals across the country. Delaware, Iowa, Nebraska, and New Hampshire’s laws will go into effect on...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
On May 16, 2024, the Illinois Legislature passed Senate Bill 2979 (SB2979), clarifying how damages are calculated under the Illinois Biometric Information Privacy Act (BIPA). 740 ILCS 14/1, et seq. This amendment confirms...more
On July 1, 2024, three more U.S. state privacy regulations will take effect. While these laws align with many of the principles established by other state privacy laws, they also introduce unique compliance requirements...more
The United States privacy landscape becomes more cluttered by the week. While most of the legal media is focusing on federal legislation coming out of Washington, the most significant privacy development in the United States...more
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most...more
In March of this year, we wrote about “secondary use” consent requirements under the CCPA and Colorado’s CPA. Since that post, the number of U.S. state privacy laws has roughly doubled. Determining consent requirements under...more
The pace of privacy developments in 2023 has been breathtaking. Since our recent alert regarding Iowa’s comprehensive data privacy law and Colorado’s finalized rules, there have been a number of key developments in data...more
On March 28, 2023, Iowa became the sixth state to enact a comprehensive consumer privacy law. If the thought of having to comply with yet another state privacy law is causing a sense of panic, fret not. Iowa’s bill is largely...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more
The Illinois Supreme Court ruled that a company violates the Illinois Biometric Information Privacy Act (BIPA) each time the company scans a person’s biometric information (e.g., fingerprints) without consent—not just upon...more
It’s been a blazing hot summer and privacy professionals have been sweating to keep up with all of the updates from the last few months. We all knew this was going to be a busy year with updating European data transfer...more
State legislative activity kicked off with a frenetic pace in 2022 and it seemed that there would be a number of new comprehensive privacy laws this year. Surprisingly to some, many of those efforts in other states fizzled...more
Efforts to Delay the LGPD Fail -
As noted by our firm earlier this spring, Brazilian authorities have considered delaying the General Personal Data Protection Law’s (“Lei Geral de Proteção de Dados” or “LGPD”) effective...more
Any organization that relies on certification under the EU-U.S. Privacy Shield framework and/or entering into the Standard Contractual Clauses (“SCCs” or “Model Clauses”) to effectuate personal data transfers from the...more
7/22/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
On January 21, 2020, Kilpatrick Townsend attorneys Vita Zeltser and John Brigagliano presented a webinar on U.S. biometric data privacy, as a part of Kilpatrick’s regular Retail and Consumer Goods webinar series. The...more
When you rub the magic lamp and are offered three wishes for your digital advertising program, how can you use those wishes to avoid €50,000,000 fines from the French CNIL?
Transparency: You need to disclose clearly the...more
On July 10, 2018, the Brazilian Federal Senate approved a General Data Protection Regulation (“Lei Geral de Proteção de Dados” or “LGPD”). The bill, was largely inspired by the European General Data Protection Regulation...more