AI companies should familiarize themselves with trade secret law to safeguard their innovations. A company does not need to register a trade secret to invoke it in litigation, unlike other IP protections. Trade secrets can...more
The Department of Justice (DOJ) has proposed a significant restriction on cross-border transfers of sensitive personal data to designated “countries of concern.” The goal is to address national security risks posed by...more
12/13/2024
/ Biometric Information ,
CFIUS ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Department of Justice (DOJ) ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Personal Data ,
Popular ,
Proposed Rules
The children’s privacy and online safety regulatory landscape is evolving quickly. To keep up, companies subject to U.K. law should understand their users, enhance safety features and conduct risk assessments, all while...more
If passed, the proposed American Privacy Rights Act would dramatically transform data privacy compliance obligations for companies operating in the United States. Shannon Yavorsky — head of Orrick’s global Cyber, Privacy &...more
5/2/2024
/ Covered Entities ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Financial Regulatory Reform ,
Financial Services Industry ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation
As companies increasingly leverage AI in their operations, the obligations and expectations for AI-related consumer disclosures continue to evolve. As a result, companies seeking to use consumer-oriented AI face uncertainty...more
Two laws take effect in Utah on May 1 that impose legal requirements on a broad range of generative AI uses. The laws: With the implementation of these laws, Utah becomes one of the first U.S. states to impose specific...more
Over 5,000 privacy professionals from around the world gathered in Washington, D.C. this month for the International Association of Privacy Professionals’ Global Privacy Summit 2024. The conference focused on debating the...more
Two leading U.S. legislators have unveiled a bipartisan plan to enact the first comprehensive federal data privacy law. The proposed American Privacy Rights Act (APRA) largely mirrors common themes in the patchwork of state...more
On February 28, 2024, President Biden issued Executive Order 14117, calling for new regulations to prohibit or restrict transactions that enable countries of concern to access sensitive U.S. personal and government data. The...more
New Jersey has become the first state to enact a comprehensive consumer privacy law in 2024.
The New Jersey Data Privacy Act will take effect January 15, 2025. The law draws inspiration from the comprehensive state consumer...more
California Gov. Gavin Newsom has signed a bill into law aimed at letting consumers delete their personal information in the hands of data brokers in California....more
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (“DPF"). You can view our brief video discussion about the DPF or read our initial update.
Companies that maintained their...more
This essential guide to the European Data Act is part of Orrick’s Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to constant cybersecurity and privacy change.
In this guide,...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
On December 19, 2022, the FTC announced two record-breaking settlements with Epic Games, Inc.—a video game developer, best known for the game Fortnite—for a combined total of $520 million: The key takeaways from these...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After months of anticipation, the European Data Protection Board (EDPB) adopted new Guidelines on the calculation of administrative fines under the GDPR in May 2022. With the newly released Guidelines, the EDPB seeks to...more
Looking towards 2023, organizations should be mindful of the effective dates of several new state privacy laws in the U.S. Companies should review the new laws to evaluate their applicability and identify potential...more
9/16/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
State Privacy Laws
The U.S. Legislature has proposed the first bipartisan comprehensive consumer data protection law, the American Data Privacy and Protection Act (ADPPA). If enacted, the United States would join over 100 countries and several...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
The United States ("U.S.") and the European Commission ("EU Commission") recently announced an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to...more
A “Kafkaesque” bank customer service experience in France has led to a “Right to be Forgotten” own-goal. Following a decision handed down by the judicial tribunal of Grenoble, France, on 7 February 2022, a French bank has...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
The California Privacy Rights Act (CPRA) became law on December 16, 2020, and amended the California Consumer Privacy Act (CCPA). When the CPRA becomes fully operative on January 1, 2023, these important changes, among...more