Several comprehensive privacy bills are being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move through their respective legislatures....more
In our second California Privacy Update, we continue to closely follow updates in California privacy law, especially those to the California Privacy Rights Act (CPRA). Below are the recent updates to the California’s privacy...more
The European Commission has presented its draft Data Act, which will affect a broad range of companies and heavily emphasizes data accessibility and fairness. Companies should begin to evaluate their current practices and...more
Several comprehensive privacy bills are being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move through their respective legislatures. We will...more
Last week, two bills were proposed in Congress aimed at improving consumer privacy protection. These proposals focus on specific areas of privacy law – health data that falls outside of HIPAA and do-not-track signals....more
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators.
On February 10, 2022, the French Data...more
2/16/2022
/ Analytics ,
CNIL ,
Corporate Counsel ,
Data Protection Authority ,
Facebook ,
FISA ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
The California Consumer Privacy Act (CCPA) may seem like old news, especially now that Virginia and Colorado have also passed comprehensive privacy laws, but businesses must continue to pay attention to California if they...more
The Colorado AG recently provided guidance on data security best practices. Companies doing business in Colorado, especially those subject to the Colorado Privacy Act, should be paying attention to what is required under...more
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
Last week, the Belgian Data Protection Authority ruled that the IAB’s cookie consent framework violated the GDPR. This decision has tremendous potential implications on the ad tech industry, as both publishers and advertisers...more
2/8/2022
/ Adtech ,
Advertising ,
Belgium ,
Consent ,
Cookies ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Publishers
As we had written about previously, there are several comprehensive privacy bills being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move...more
Last week, the Federal Trade Commission (“FTC”) released two guidance documents to aid in compliance with its Health Breach Notification Rule (“the Rule”), which requires “vendors of personal health records” or “PHR related...more
As companies prepare for new privacy laws to go into effect in California, Virginia, and Colorado, they should also keep an eye out on other states that are looking to pass their own “comprehensive” privacy legislation....more
Virginia lawmakers are considering multiple amendments to Virginia’s Consumer Data Protection Act (CDPA). These amendments mostly address a variety of open issues under the law, including the right to cure, how businesses can...more
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On March 17, California officials announced the inaugural membership of the five-member board for the California Privacy Protection Agency (CPPA). The formation of the CPPA is a requirement of the recently passed California...more
The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act (CDPA) on February 3. An...more
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
12/23/2020
/ 21st Century Cures Act ,
Business Associates ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
NIST ,
Penalties ,
Rulemaking Process
On December 10, 2020, less than two months after proposing previous modifications, the California Attorney General’s Office proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations...more
On November 3, the California Privacy Rights and Enforcement Act (“CPRA”) was voted into law with close to 56 percent of California voters supporting the measure. The CPRA is the latest comprehensive privacy law to pass in...more
Less than a month before Californians are to vote on the California Privacy Rights Act (CPRA), the California attorney general (California AG) proposed a third set of modifications to the California Consumer Privacy Act’s...more
In a flurry of legislative activity, the California legislature passed a number of last-minute privacy bills that now await the signature of Governor Gavin Newsom in order to go into effect. As was expected, the California...more
In the wake of COVID-19, businesses have a host of health regulations and recommendations to consider before they resume in-person activity. Some employers plan to screen for symptoms, including regular thermal testing (or...more