The European Commission Publishes Draft UK Adequacy Decision

What has happened? The European Commission has published its draft decision on February 19, 2021 granting data protection adequacy status to the UK under Article 45(3) of the GDPR. The draft decision is currently under review by the European Data Protection Board, which will issue its opinion (not binding) in […]

Improving Cyber Insurance Practice Should Be a Company’s Priority

The New York State Department of Financial Services recently issued guidance for New York-regulated property and casualty insurers to effectively manage the cyber insurance risk present in their insurance portfolio. The DFS’ guidance signals an effort to reduce overall volatility in the cyber insurance market, which has been compounded by […]

FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition

The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in violation of its own privacy policy. […]

European Regulator Announces Strategic Data Protection Objectives for Upcoming Years

On 15 December 2020, the EU data protection regulator – the European Data Protection Board – adopted its Strategy for 2021-2023, which outlines its objectives and key actions for the upcoming years. At the outset, the EDPB recalls that its strategy, as well as its work in general, are guided […]

Global Privacy Roundup: The World Beyond Europe and California

Since Europe’s General Data Protection Regulation took effect in May 2018, a growing number of legislatures around the world have introduced comprehensive data protection laws that emulate the GDPR or have updated existing laws to align with it. California became the first major non-European economy to catch the GDPR wave […]

Brexit: Good News Regarding Transfers of Personal Data from the EEA to the UK

What has happened? The draft UK-EU post-Brexit Trade Deal provides that transfers of data to the UK from EU Member States will not be treated as “restricted transfers” to a non-EU country for a period of up to six months from January 1, 2021. This will also apply to transfers to […]

Fourth Proposed Revisions to the CCPA Regulations: Additional Minor Modifications

On December 10, 2020, the California Attorney General published a fourth set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February, March and October 2020. As a reminder, the CCPA is in effect and being enforced by both the California AG and the plaintiffs’ bar. Generally speaking, these modifications present relatively […]

Regulating Big Data – European Commission Introduces Data Governance Bill

The European Commission published on November 25, 2020 a proposal for a Regulation on European Data Governance, also dubbed the Data Governance Act. It is one of several incoming pieces of legislation proposed at the EU level (including the Digital Services Act, expected in early December) in order to accomplish […]

Data Protection and Brexit: Key Areas to Consider

For better or for worse: 2020 is shortly coming to an end. This means that the end of the Brexit transition period is also just around the corner. Background On December 31, 2020, the post-Brexit transitional arrangements between the EU and the UK will expire. However, the EU GDPR will […]

A Methodology for Conducting Data Transfers in a Post Schrems II World

On November 10, 2020, the European Data Protection Board issued two new pieces of guidance. Read together, they outline a detailed methodology to follow when conducting data transfers under the EU General Data Protection Regulation – such guidance has been keenly anticipated following the Court of Justice for the European […]