In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
2/7/2024
/ Certifications ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Deletion ,
Data Management ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Settlement ,
Third-Party
On August 7, 2023, the Commissioner of Data Protection of the Dubai International Financial Centre (the DIFC), a financial free-zone in the United Arab Emirates, issued the first adequacy decision regarding the California...more
8/18/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Dubai ,
Information Governance ,
International Data Transfers ,
Personal Data ,
United Arab Emirates (UAE)
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
The European Commission recently published two highly anticipated draft documents to facilitate data transfers. The first was the new, updated and modernised standard contractual clauses (“New SCCs”) for the transfer of...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular
On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information