On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more
On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 24 April 2024, the European Data Protection Board ("EDPB") released a set of guidance documents and template complaint forms to facilitate the implementation of the redress mechanisms corresponding to the EU-U.S. Data...more
On 11 July 2023, the Department of Commerce’s International Trade Administration (ITA) published an operational update (Update) on implementation of the EU-U.S. Data Privacy Framework (DPF). Significant takeaways for Privacy...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
On March 25, 2022, The European Commission and the United States Government announced they had “agreed in principle” on a new Trans-Atlantic Data Privacy Framework (”Framework”) to enable flows of personal data from the EU to...more
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses who fail to publish the “Do Not Sell My Personal...more
The California Privacy Rights Act (CPRA) will require businesses to update their privacy notices with additional disclosures and post website links that allow consumers to exercise their new rights under the CPRA. In this...more
As we have previously highlighted, the California Privacy Rights Act (CPRA) has created several new consumer rights that will require businesses to change existing California Consumer Privacy Act (CCPA) compliance programs. ...more
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
California voters have approved the California Privacy Rights Act (CPRA or Proposition 24), a new law coming into effect on January 1, 2023 that will significantly amend the California Consumer Privacy Act (CCPA). ...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
On October 12, the California Attorney General announced a new set of proposed modifications to the CCPA regulations. Although this third set of proposed modifications is relatively brief, they would reinstate some provisions...more
10/27/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
State and Local Government ,
State Attorneys General
After a long period of uncertainty about the effective date of Brazil’s General Data Protection law (LGPD), Brazil’s Congress on Wednesday dramatically approved a last-minute amendment to legislation that accelerated the...more
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
The European Court of Justice (CJEU) recently published plans to issue its much awaited decision in CJEU case C-311/18 (also referred to as “Schrems II”) on July 16. ...more
The California Privacy Rights Act (CPRA) is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in...more
Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act (CCPA). ...more
5/7/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020
/ Business Continuity Plans ,
Business Interruption ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Infectious Diseases ,
Information Security ,
Malware ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General