Third Proposed Revisions to the CCPA Regulations: New Illustrative Examples and Minor Changes
On October 12, 2020, the California Attorney General published a third set of proposed modifications to the regulations adopted pursuant to the California Consumer Privacy Act. This follows revisions proposed in February and March 2020 that were largely approved following review by the Office of Administrative Law. As a reminder, […]
Second Largest GDPR Fine Issued in Germany
On October 1, 2020, the Data Protection Authority of Hamburg (the Hamburg DPA) announced that it had fined a German subsidiary of the clothing retailer H&M (H&M Germany) €35.2 million (approximately US $41 million at the time of writing) for data protection violations relating to the excessive monitoring of “several […]
Cybersecurity Governance for Maturing Companies
With cyber resilience top of mind for investors, shareholders, regulators and the plaintiffs’ bar, growing organizations can no longer afford to put their cybersecurity efforts on the back burner. Building a cybersecurity program has become an essential element in the growth strategy. But where do you begin? Cooley’s cyber/data/privacy lawyers […]
European Parliament Debates the Impact of Schrems 2 on EU-US Data Transfers
On 3 September 2020, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) held a debate with the EU Commission, the European Data Protection Board and Max Schrems himself to discuss the impact of the Court of Justice of the European Union judgment in the […]
CCPA Round-Up: Enforcement Begins; “CCPA 2.0” Qualifies for November Ballot; Facebook Updates CCPA Stance
The California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) took effect today, July 1, 2020, after a busy week of CCPA-related developments that included: The California Privacy Rights Act of 2020 (aka “CCPA 2.0”) qualifying for California’s November 3, 2020 General Election ballot; and Facebook’s announcement […]
Road Map For a Cautious Approach to Contact Tracing
Law360 “It has become increasingly clear that a combination of COVID-19 testing and use of geolocation technologies for contact tracing will be essential for the nation to get back to life and work. With this realization came outcry that contact tracing is a leap to the surveillance society that would […]
AI and Algorithms: FTC Issues Guidance for Companies Amid Heightened Scrutiny
Even before the COVID-19 crisis, artificial intelligence and algorithms, particularly in the context of pricing, were a focus of the Federal Trade Commission and the Department of Justice’s Antitrust Division. With the COVID-19 pandemic shining a spotlight on online platforms and sellers using algorithms to set prices, it is particularly […]
Europe Issues Pragmatic Privacy Guidance for COVID-19 Data Processing
European data protection authorities have issued important guidance on the processing of personal data in connection with COVID-19. At a pan-European level, on March 19, 2020, the European Data Protection Board issued a statement on the processing of personal data in the context of the COVID-19 outbreak.
The GDPR and Coronavirus: What Organisations in the UK Need to Know
The UK’s Information Commissioner’s Office has, over the course of this week, published various notes of advice and blog posts to organisations and data subjects in respect of the coronavirus (COVID-19) pandemic.
FTC Increasingly Looks to Public Companies’ SEC Disclosures for Privacy and Cybersecurity Enforcement Opportunities
While the FTC does not make its initial privacy and cybersecurity investigations public, there have been reports that the FTC has initiated an increasing number of privacy and cybersecurity-related enforcement actions following disclosures of privacy or cybersecurity incidents by public companies in their SEC filings.