After a number of data protection authorities issued statements demonstrating differing approaches to cross-border transfers to the U.S. in the wake of the Court of Justice of the European Union’s decision in Schrems II (e.g....more
The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection...more
The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Comments to the final California Consumer Privacy Act regulations asked if the CCPA carve-out regarding the Gramm Leach Bliley Act (GLBA), the data protection law governing US financial institutions, applies...more
Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data...more
A comment requested that the California Attorney General clarify the specific requirements for making privacy notices “easy to read and understandable to the average consumer” under the California Consumer Privacy Act...more
As lockdown restrictions ease and businesses begin to reopen, the UK Information Commissioner's Office (ICO) has set out the key steps organizations need to consider around the use of personal information. They are:...more
More responses from the California Attorney General to questions about the final California Consumer Privacy Act regulations:
Q. Can a business use an IP address to determine if a website visitor is a California...more
The California Attorney General has addressed a wide range of questions from businesses and other interested parties, in responding to comments to final California Consumer Privacy Act (CCPA) regulations. Here are three...more
In the detailed summaries of comments to the final California Consumer Privacy Act (CCPA) regulations, responses from the California Office of the Attorney General indicate that some areas and issues flagged in the comments...more
Exactly which consumer rights need to be explained in a privacy notice? The California Attorney General recently addressed this question in responding to comments to final California Consumer Privacy Act (CCPA)...more
The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data...more
California’s Attorney General won’t delay enforcement of key provisions of the California Consumer Privacy Act, but will use prosecutorial discretion in enforcing them, according to its Final Statement of Reasons for the...more
California Attorney General Xavier Becerra has submitted a final California Consumer Privacy Act (CCPA) regulations package. The final version is essentially identical to version three of the regulations released in early...more
Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app.
The proposed contact tracing system does not appear to conflict with the...more
Data Protection Authorities for France and the Netherlands have weighed in on the use of temperature taking in the fight against the spread of COVID-19...
...more
A group of Republican U.S. senators plan to introduce legislation to protect user privacy in relation to contact-tracing apps used to combat the spread of COVID-19.
“While the severity of the COVID-19 health crisis cannot...more
The Federal Trade Commission has issued guidance on using artificial intelligence (AI) in algorithms.
Key Takeaways:
The use of AI tools should be transparent, explainable, fair and empirically sound, while fostering...more
The United Kingdom's Information Commissioner's Office has issued an opinion on the joint initiative by Apple and Google, referred to as the Contact Tracing Framework (CTF), to enable the use of Bluetooth technology to help...more
The European Data Protection Board (EDPB) adopted a letter concerning the European Commission's draft guidance on apps supporting the fight against the COVID-19 pandemic.
Key Takeaways-
•The EDPB welcomes the Commission’s...more
In a new guidance for employers, Hungary's Nemzeti Adatvédelmi és Információszabadság Hatóság Data Protection Authority provides a helpful to-do list to help companies comply with the EU's General Data Protection Regulation...more
The Executive Committee of the Global Privacy Assembly (GPA) weighs in on data privacy and the coronavirus pandemic.
•The universal data protection principles in all our laws will enable the use of data in the public...more
Ireland’s Data Protection Commission weighs in on the issue of COVID-19 and data access requests:
“The Data Protection Commission acknowledges the significant impact of the Covid-19 health crisis which may affect...more
Coronavirus and Data Protection: New York Department of Financial Services had extended the deadline for compliance with its cybersecurity requirements.
•The Superintendent of Financial Services of the State of New York...more