Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
An Overview of the 2014 Class Action Survey
Can a website copy terms of use or a privacy policy from a similar website?
California Ballot Initiative Aims to Make Consumer Data Private by Default
Authorities opened an investigation after Uber drivers in France sent complaints to the French privacy protection commission, the CNIL. The CNIL transferred the handling of the complaints to the Dutch Data Protection...more
White & Case Technology Newsflash - The development of autonomous vehicles has attracted significant attention in recent years. The technologies being used in order to enable vehicles to navigate without human assistance...more
One key aspect of the EU’s General Data Protection Regulation (GDPR) is its aim of streamlining the regulatory process by providing “one-stop shopping”: the opportunity to deal with a single regulator with respect to all data...more
It has been rough weather for Google in France. Three weeks after the French ?Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
It’s been rough weather for Google in France. Three weeks after the French ?Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande...more
The CNIL decision handed down on 21 January 2019, which cites violations of several GDPR obligations, provides important insights for groups wishing to benefit from the “one-stop-shop mechanism”. The Complaints - Not...more
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss Poland's potential exemptions from the new EU data law and the Office of the Comptroller of the Currency's recommendations for U.S. banks faced with...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
In late October 2016, European Union (“EU”) data protection authorities issued letters to Yahoo and WhatsApp related to alleged privacy incidents involving those companies. The letters were issued by a collective of EU data...more
When the new EU-US Privacy Shield was adopted all the way back on the 12th of July, we were quoted in the media discussing the fact that formal legal challenges to it were inevitable. By the time the dust settled enough to...more
The first installment in our month-long series dissecting the new “Privacy Shield” framework for transferring data from the EU to the United States discussed the history and implementation of the Privacy Shield. The second,...more
When the European Court of Justice first invalidated the Safe Harbor we recommended here that, for most companies, staying the course by implementing general data security best practices was probably the right thing to do...more
On July 12, 2016, the European Commission formally adopted the EU-U.S. Privacy Shield to replace the previously invalidated Safe Harbor Framework as an adequate method of transferring personal data from the European Economic...more
The European Commission formally adopted the EU-US Privacy Shield on July 12, 2016, ending months of legal uncertainty with a new framework for governing transatlantic data transfers after the Privacy Safe Harbor framework...more
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more
Can employers look at the company email accounts of employees, such as when they do not show up to work? Can employers monitor employee Internet use during working hours? Can employers read employee emails if they use the...more
In this edition of our Privacy & Cybersecurity Update, we examine the FCC's proposed privacy rules for broadband providers; new developments relating to the Privacy Shield, which was created to replace the U.S.-EU Safe Harbor...more
The annual conference of the world’s data protection regulators is a three day exercise, with half of the conference being “closed door” for the regulators only, and the other half being a series of side meetings and...more
In this edition of our Privacy & Cybersecurity Update, we discuss what companies need to know in the wake of the EU Court of Justice's rejection of the U.S.-EU Safe Harbor framework and take a look at the following important...more
The European Union has consistently provided its residents greater data protection than the United States. Directive 95/46/EC outlines specific requirements for data protection, including a provision that transfers of...more
Last Tuesday, the European Court of Justice (ECJ) invalidated the US-EU Safe Harbor framework in Schrems v. Data Protection Commissioner. The Safe Harbor provided companies with a self-certification process through the US...more
Since 2000, the EU-US Safe Harbor program has been one means by which eligible US companies could transfer personal data from the European Union (EU) to the United States in accordance with EU law regulating transfers of...more
The CJEU’s Decision on Safe Harbor and its Effects on US Technology Companies - On October 6, 2015, the Court of Justice of the European Union (“CJEU”), the European Union’s highest court, issued a groundbreaking...more