A “Kafkaesque” bank customer service experience in France has led to a “Right to be Forgotten” own-goal. Following a decision handed down by the judicial tribunal of Grenoble, France, on 7 February 2022, a French bank has...more
On March 10 2022, the UK Information Commissioner’s Office (ICO) handed down its first Monetary Penalty Notice in respect of a ransomware attack and data exfiltration incident under the UK General Data Protection Regulation...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
Environmental, social, and governance (ESG) factors are increasingly a key area of focus for investors and stakeholders. Businesses today are expected to have policies and strategies focused on long-term value creation and to...more
The California Privacy Rights Act (CPRA) became law on December 16, 2020, and amended the California Consumer Privacy Act (CCPA). When the CPRA becomes fully operative on January 1, 2023, these important changes, among...more
Significant developments in artificial intelligence, cybersecurity and consumer privacy occurred across the globe in 2021 with the anticipation of more activity in 2022. Our roundup for the year captures some of the major...more
Across the United States (U.S.), 2021 was a busy year for legislative and regulatory-related consumer privacy developments. Our roundup captures some of the major updates that occurred in states throughout the year. We will...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
On June 7, 2021, the European Commission (Commission) published its long-awaited Implementing Decision adopting standard contractual clauses for the transfer of personal data to third countries referred to as the new Standard...more
Tenants in New York City may soon have reason to sleep a little easier – the New York City Council has enacted a Tenant Data Privacy Act that is poised to enhance privacy protections in multifamily buildings in the city. ...more
What is the General Data Protection Regulation (GDPR)? The GDPR is an EU law that was passed by parliament and went into effect on May 25, 2018. The GDPR unifies the EU under a single data protection regime for all member...more
4/13/2021
/ Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
Web Tracking
How can your business prepare for The California Privacy Rights Act (CPRA) ramp-up in 2021? The CPRA is scheduled to become effective in January 2023. Preparations will occur over the next two years, including establishing...more
On December 10, 2020, California Attorney General Xavier Becerra (California AG) released a fourth set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations that went into effect on August 14,...more
On November 11, 2020, the European Data Protection Board (EDPB) published its long-awaited guidance on what parties to international data transfers should be doing to perform such transfers in a manner compliant with the...more
On October 1st, 2020, the Data Protection Authority of Hamburg (“DPA”) announced that it issued a massive EUR 35.3 million fine against the clothing company H&M Hennes & Mauritz Online Shop A.B. & Co. KG (“H&M”) for the...more
On August 14, 2020, the California Office of Administrative Law (“OAL”) approved the final implementing regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). This final and approved version of the CCPA...more
Assessment List for Trustworthy Artificial Intelligence -
On July 17, 2020, the European High-Level Expert Group on Artificial Intelligence (“AI HLEG”) presented its final Assessment List for Trustworthy Artificial...more
8/20/2020
/ Artificial Intelligence ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Ethics ,
European Commission ,
Human Rights ,
Information Governance ,
Popular ,
Privacy Concerns ,
Regulatory Oversight ,
Small and Medium-Sized Enterprises (SMEs) ,
Sustainable Business Practices ,
Transparency
EDPB and data protection authorities’ views and statements on the “Schrems II”- decision by the CJEU -
On 16 July, 2020, the European Court of Justice (“CJEU“) passed a decision invalidating the EU-US Privacy Shield and...more
7/30/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 25, 2020, Californians for Consumer Privacy announced the California Privacy Rights Act of 2020 (“CPRA”) officially qualified for California’s November 2020 ballot. We previously provided guidance here about what the...more
7/22/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
General Elections ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic. Today, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland...more
On June 19, 2020, the Conseil d’Etat, the highest administrative court in France, annulled in part the cookie guidelines issued by the CNIL (the French data protection authority). The court ruled that the CNIL did not have...more
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
3/17/2020
/ China ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Crisis Management ,
Cybersecurity ,
Data Management ,
Data Processors ,
Data Protection ,
Denmark ,
Employee Privacy Rights ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Ireland ,
Italy ,
Luxembourg ,
New Guidance ,
Norway ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Poland ,
Public Health ,
Risk Management ,
Spain ,
UK