New Zealand’s Government Cyber Security Centre has issued a guide on incident response, laying out key steps designed to help business leaders and cybersecurity professionals strengthen their organizations’ ability to manage...more
The U.S. Department of Commerce (DoC)has updated its Frequently Asked Questions piece on the Swiss-U.S. Privacy Shield to address questions raised by the the Schrems II decision regarding the EU-U.S. Privacy Shield...more
Cookies and trackers sat on a wall.
Cookies and trackers had a great fall.
…and all the regulators and all DPAs couldn’t put cookies together again.
The Spanish Agencia Española de Protección de Datos AEPD has issued a...more
Germany’s Datenschutzkonferenz (DSK) issues its guidance on Shrems II:
•The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately...
...more
The European Data Protection Board (EDPB) has issued its much anticipated FAQs on the Court of Justice of the European Union's (CJEU) Schrems II decision. This document does not yet contain the "supplementary measures" that...more
After a number of data protection authorities issued statements demonstrating differing approaches to cross-border transfers to the U.S. in the wake of the Court of Justice of the European Union’s decision in Schrems II (e.g....more
The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection...more
The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Comments to the final California Consumer Privacy Act regulations asked if the CCPA carve-out regarding the Gramm Leach Bliley Act (GLBA), the data protection law governing US financial institutions, applies...more
Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data...more
A comment requested that the California Attorney General clarify the specific requirements for making privacy notices “easy to read and understandable to the average consumer” under the California Consumer Privacy Act...more
As lockdown restrictions ease and businesses begin to reopen, the UK Information Commissioner's Office (ICO) has set out the key steps organizations need to consider around the use of personal information. They are:...more
More responses from the California Attorney General to questions about the final California Consumer Privacy Act regulations:
Q. Can a business use an IP address to determine if a website visitor is a California...more
The California Attorney General has addressed a wide range of questions from businesses and other interested parties, in responding to comments to final California Consumer Privacy Act (CCPA) regulations. Here are three...more
In the detailed summaries of comments to the final California Consumer Privacy Act (CCPA) regulations, responses from the California Office of the Attorney General indicate that some areas and issues flagged in the comments...more
Exactly which consumer rights need to be explained in a privacy notice? The California Attorney General recently addressed this question in responding to comments to final California Consumer Privacy Act (CCPA)...more
The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data...more
California’s Attorney General won’t delay enforcement of key provisions of the California Consumer Privacy Act, but will use prosecutorial discretion in enforcing them, according to its Final Statement of Reasons for the...more
California Attorney General Xavier Becerra has submitted a final California Consumer Privacy Act (CCPA) regulations package. The final version is essentially identical to version three of the regulations released in early...more
Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app.
The proposed contact tracing system does not appear to conflict with the...more
Data Protection Authorities for France and the Netherlands have weighed in on the use of temperature taking in the fight against the spread of COVID-19...
...more
A group of Republican U.S. senators plan to introduce legislation to protect user privacy in relation to contact-tracing apps used to combat the spread of COVID-19.
“While the severity of the COVID-19 health crisis cannot...more
The Federal Trade Commission has issued guidance on using artificial intelligence (AI) in algorithms.
Key Takeaways:
The use of AI tools should be transparent, explainable, fair and empirically sound, while fostering...more
The United Kingdom's Information Commissioner's Office has issued an opinion on the joint initiative by Apple and Google, referred to as the Contact Tracing Framework (CTF), to enable the use of Bluetooth technology to help...more