The European Parliament is urging the United States to reform its surveillance laws to pave the way for transfers of personal data between the European Union and the U.S.
"For data controllers that fall within the scope of...more
Transfers for compliance with U.S. law can generally be done under the General Data Protection Regulation (GDPR) Article 49 derogation, said the United Kingdom's Information Commissioners Office (ICO) in a letter to the U.S....more
The United Kingdom's High Court of Justice, in the case of Soriano, determined there was no real prospect of success on the merits in a case seeking extraterritorial applicability of the EU's General Data Protection...more
A new consumer data protection bill has been introduced in the Virginia Senate.
Of note:
•“Consumer” terminology is here to stay but the bill uses the General Data Protection Regulation’s terms “personal data” and...more
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S.
Big Picture...more
While we are all digesting (and lamenting) the European Data Protection Board's post-Schrems II Guidelines and cross-border transfer standard contractual clauses, the European Commission issued standard clauses that are meant...more
CCPA / CPRA for US and EU businesses -
Deep dive on CCPA's impact on European Businesses: A webinar for German and European businesses.
Main Topics
- Is my business affected by CCPA and why?
- I am already GDPR...more
12/1/2020
/ Adtech ,
Analytics ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cookies ,
Data Privacy ,
Data Sellers ,
Do Not Sell ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Opt-Outs ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Webinars ,
Websites
In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard...more
Brace yourselves, the post-Schrems II supplemental measures are coming!
The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union...more
The UK Information Commissioner's Office recently issued an enforcement notice against Experian under the General Data Protection Regulation (GDPR) in connection with its actions as a data broker related to direct...more
Norway's Data Protection Authority, Datatilsynet Norway, issued a Q&A on cross-border transfers in the wake of the Schrems II ruling-
Key Takeaways-
•Access to European Union data from a third country constitutes a...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
The U.S. government has published a whitepaper that outlines the robust limits and safeguards in the United States pertaining to government access to data in an effort to assist organizations in assessing whether their...more
Time for a U.S. federal privacy law?
“U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Revisiting the Need for Federal Data Privacy...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data...more
The Data Protection Authority for the German state of Baden-Württemberg has issued FAQs on the European Data Protection Board's (EDPB) Controller-Processor Guidelines.
Legal Concepts-
•Contractual clauses can represent...more
Key principles
Definitions-
•Aggregated data and de-identified data: Uses definitions similar to that in the California Consumer Privacy Act (CCPA) requiring a public commitment not to re-identify and contractual...more
The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.
Its provisions are closer to the European Union’s General Data Privacy...more
Automatic photo taking is excessive as a way to monitor employee working hours and a less invasive method should be used, French data privacy regulator CNIL told a number of employers...more
The data protection authority of the German state of Baden-Wurttemberg issued a guidance for European Union data exporters in the wake of the Schrems II decision by the Court of Justice of the European Union (CJEU), which...more
In the wake of the UK A-Level algorithm fallout, the U.S. National Institute of Standards and Technology (NIST) has published a report, for public comment, on the Four Principles of Explainable Artificial Intelligence.
“AI...more
The California Attorney General has announced that the state’s Office of Administrative Law (OAL) granted its approval of final regulations under the California Consumer Privacy Act (CCPA). They are effective immediately....more
New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield.
“The Schrems litigation has again sent international shock waves in striking down a key EU/U.S....more
Poland’s Data Protection Authority UODO weighs in on “employee of the month” postings in the workplace.
•The employer may, under certain conditions, display the best performance results in the workplace, based on his...more