On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
The Consumer Financial Protection Bureau has issued a Final Rule establishing “open banking” and interoperability requirements for bank and non-bank financial services companies and implementing privacy rights for consumers....more
On August 24, 2023, twelve international data protection and privacy regulators from the Americas, Europe, Africa, and APAC announced their “global expectations of social media platforms and other sites to safeguard against...more
Over the last 18 months, a new privacy litigation battlefront has emerged: Website operators across a range of industries find themselves inundated with class action suits or requests for arbitration based on alleged...more
On 11 July 2023, the Department of Commerce’s International Trade Administration (ITA) published an operational update (Update) on implementation of the EU-U.S. Data Privacy Framework (DPF). Significant takeaways for Privacy...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
Momentum is growing for a federal privacy law in the United States. A bipartisan group of House and Senate leaders have released a discussion draft of a baseline consumer data protection legislation. The American Data...more
On March 25, 2022, The European Commission and the United States Government announced they had “agreed in principle” on a new Trans-Atlantic Data Privacy Framework (”Framework”) to enable flows of personal data from the EU to...more
At our recent global conference we held in partnership with Global Digital Finance, our keynote speaker suggested that the three major drivers for financial institution regulators and policy makers for the next few years...more
Whether it’s through mobile gaming or live streaming, young people are spending more time than ever participating in the virtual world. Yet, in-game chat functionality, online trolls, loot boxes and advertising are posing...more
9/16/2021
/ Advertising to Minors ,
Children's Online Games ,
COPPA ,
Entertainment Industry ,
eSports ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Live Streaming ,
Loot Boxes ,
Minor Children ,
Minors ,
Mobile Apps ,
Online Gaming ,
Online Safety for Children ,
Regulatory Requirements ,
Trolls ,
Webinars
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses who fail to publish the “Do Not Sell My Personal...more
Although the U.S. has no federal law that specifically regulates artificial intelligence (AI), the Federal Trade Commission (FTC) has indicated that it may be preparing to exercise its consumer protection authority with...more
6/10/2021
/ Algorithms ,
Antitrust Provisions ,
Artificial Intelligence ,
Bias ,
Big Data ,
Discrimination ,
ECOA ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Machine Learning ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Section 5 ,
Unfair or Deceptive Trade Practices
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
California voters have spoken: in November 2020, they voted to enact the California Privacy Rights Act (CPRA), which will mark a significant expansion of California’s existing privacy laws when it takes effect on January 1,...more
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
After a long period of uncertainty about the effective date of Brazil’s General Data Protection law (LGPD), Brazil’s Congress on Wednesday dramatically approved a last-minute amendment to legislation that accelerated the...more
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/31/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Last Friday, the European Data Protection Board (EDPB) released Frequently Asked Questions about the European Court of Justice's Schrems II case. ...more
7/31/2020
/ Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
It’s official. The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. And if polling from late last year remains accurate, California voters are likely to approve...more
6/26/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personally Identifiable Information ,
State and Local Government
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General