Month: August 2019

New York State Toughens Data Security Laws

On July 25, 2019, New York enacted a pair of data security laws. First, the Stop Hack and Improve Electronic Data Security Act (SHIELD Act) updates New York’s data security requirements. Second, the Identity Theft Prevention and Mitigating Services Act imposes obligations on credit reporting agencies that experience a breach […]

Fashion ID Case: CJEU Rules on Plug-ins and Joint Controllership

On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]

Effort to Exempt “HR Data” from CCPA Falters

Labor groups concerned about employee privacy have succeeded in slowing the effort to pass legislation exempting employer-held information from the California Consumer Privacy Act (“CCPA”).  Thanks to their intervention, the proposed legislation – AB 25 – has been revised to provide that the CCPA will apply to personal information of […]