On May 4, 2020, the European Data Protection Board (EDPB) adopted two important revisions to its 33-page Guidelines on Consent (Guidelines) under the General Data Protection Regulation (GDPR). The Guidelines are highly...more
Republican members of the Senate Commerce, Science and Transportation Committee formally introduced legislation on May 7, 2020, to give Americans more control over and insight into how their personal health, proximity and...more
5/12/2020
/ Consumer Privacy Rights ,
Contact Tracing ,
Data Collection ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Geological Data ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
Public Health Emergency
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting...more
Akin Gump cybersecurity, privacy and data protection co-heads Natasha Kohne and Michelle Reed discuss the California Consumer Privacy Act and its implications for business in this episode recorded in mid-March....more
- The California Attorney General Office (AGO) issued revised proposed regulations (Version 2) regarding the California Consumer Privacy Act on February 7, 2020. The AGO will collect comments on the revised regulations until...more
2/21/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
- The Washington state Senate has passed its version of a consumer data privacy bill as state lawmakers debate proposed legislation for the Washington Privacy Act, the state’s first data privacy law.
- In their own bill,...more
2/19/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Legislative Agendas ,
Opt-Outs ,
Personally Identifiable Information ,
Preemption ,
Privacy Legislation ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Right-To-Access
Key Points -
- The Online Privacy Act was introduced in the House of Representatives. If passed, it would establish individual privacy rights related to personal information.
- The Filter Bubble Transparency Act was...more
11/8/2019
/ Covered Entities ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
New Legislation ,
Online Platforms ,
Personal Data ,
Personal Information ,
Privacy Laws
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Denial of Insurance Coverage ,
Incident Response Plans ,
Insurance Contracts ,
Insurance Litigation ,
Liability Insurance ,
Litigation Fees & Costs ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Risk Mitigation ,
Third-Party Liability
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
Bahrain’s Ministry of Justice will temporarily assume the functions and powers prescribed to the Data Protection Authority (the “Authority”) under Bahrain’s new Personal Data Protection Law. (Decree No. 78 of 2019.) It will...more
Attorney General Becerra held a press conference on October 10th, 2019, and announced the release of proposed regulations concerning the California Consumer Privacy Act (CCPA). He stressed that privacy is an inalienable right...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
Alastair Mactaggart, the real estate developer who led the push for the California Consumer Privacy Act (CCPA), is at it again. Mactaggart and his organization, Californians for Consumer Privacy, have submitted a new ballot...more
9/27/2019
/ Algorithms ,
Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
State Agencies
• The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The window of opportunity to pass federal privacy legislation to preempt the CCPA in the 116th Congress is rapidly closing.
• Discussions are...more
9/26/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Preemption ,
Privacy Laws ,
Private Right of Action
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data Use Policies ,
New Legislation ,
Online Platforms ,
Operators ,
Opt-Outs ,
Permanent Injunctions ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
State Data Privacy Laws ,
Statutory Penalties ,
Third-Party Service Provider ,
Websites
On September 4, 2019, the Federal Trade Commission (FTC or the “Commission”) announced a settlement with YouTube and its parent Google that resolves allegations that the companies violated the Children’s Online Privacy...more
9/10/2019
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Google ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Privacy Policy ,
Settlement ,
Settlement Offer ,
Statutory Penalties ,
Statutory Violations ,
Website Owner Liability ,
Websites ,
YouTube
On August 1, 2019, Bahrain’s Personal Data Protection Law (PDPL) (Law No. (30) of 2018) took effect. The PDPL aims to align Bahrain’s data protection framework more closely with global best practices and regulates the...more
8/21/2019
/ Bahrain ,
Best Practices ,
Civil Liability ,
Criminal Liability ,
Criminal Penalties ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
New Legislation ,
Personally Identifiable Information ,
Written Consent
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
8/5/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Cuomo ,
HIPAA Breach ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
As the privacy debate heats up on Capitol Hill, Rep. Anna Eshoo (D-CA), a senior member of the House Energy and Commerce Committee, and Rep. Zoe Lofgren (D-CA), a senior member of the House Judiciary Committee—both of Silicon...more
• May 31, 2019, was the deadline for the California Legislature to pass bills out of the chamber in which they were introduced. Several measures proposing amendments to the California Consumer Privacy Act (CCPA) passed the...more
6/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
• On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing its observations in past examinations of weaknesses and best practices...more
5/29/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Storage Providers ,
Identity Theft ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
OCIE ,
Policies and Procedures ,
Regulation S-ID ,
Regulation S-P ,
Regulatory Requirements ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Vendors
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
2/21/2019
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
International Data Transfers ,
Proposed Guidance
• In his State of the State address, Governor Newsom proposed a “Data Dividend” that would apparently entitle Californians to compensation for the use of their data. If passed, it would be the first measure of its kind in the...more
2/20/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Use Policies ,
Data-Sharing ,
Dividends ,
Duty to Protect ,
Legislative Agendas ,
Personal Data ,
State of the State ,
Tax Revenues
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding seven public forums and accepting...more
2/7/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General