State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”). Once passed, Cambodia will join the ranks of seven other countries...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions,...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
Maryland will soon have some of the strictest data protection and privacy requirements in the nation after the Maryland Online Data Privacy Act of 2024 (MODPA) was signed into law by Gov. Wes Moore last week....more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Introduction - The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU regulation which is directly applicable in all member states of the EU, including the Czech Republic, as of 25 May 2018. The new...more
The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September. The Personal Data Protection Law (PDPL) is the first comprehensive data...more
On January 18, 2024, New Hampshire’s State Legislature enacted the Expectation of Privacy Act (the “Act”). Following the Governor’s signature, the Act will take effect January 1, 2025. SCOPE - The Act defines...more
Generative AI models access vast pools of information from a wide variety of sources, including information users add in prompts. This can include private or sensitive information, which may be used without consent and may be...more
Texas, long lauded as one of the most “business-friendly” states, has passed a comprehensive privacy law that will bring new regulations to consumer personal data. The new Texas Data Privacy and Security Act (“TDPSA”), H.B....more
2022 saw significant regulatory developments in the field of privacy protection in Israel and throughout the world. These developments directly affect companies whose business activities in Israel and internationally involve...more
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...more
A data inventory is a detailed account of how a business processes personal data. While this is not an exhaustive list, a data inventory should contain information such as purpose of collecting the data, volume of individual...more
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
Beginning next summer, business that meet certain thresholds must comply with the Connecticut law, including several - now common place - individual privacy rights and a requirement to obtain opt-in consent before processing...more
Connecticut’s new consumer privacy law imposes enhanced privacy disclosures and assessment requirements on businesses, and provides consumer rights similar to those in Europe’s GDPR, the California Privacy Rights Act (CPRA),...more
On January 1, 2023, the Virginia Consumer Data Protection Act (VCDPA) will go into effect. With passage of the law earlier this year, Virginia joined Colorado and California as the only states to enact comprehensive privacy...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows...more
Authors: David Manek, Joe Shepley and Mark Melnychenko The California Privacy Rights Act (CPRA) which goes live January 1, 2023 introduces data retention and deletion requirements very similar to those that we see in the...more
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
The Virginia Consumer Data Protection Act (CDPA) overwhelmingly passed both legislative chambers this month and is expected to be signed by the Governor in the coming weeks with an effective date of January 1, 2023. Best...more