FTC Commissioners Ponder Future of Section 13(b) and Alternative Enforcement Mechanisms
Nearly a year after the Supreme Court stripped the FTC of its ability to obtain equitable monetary relief under Section 13(b) of the Federal Trade Commission Act (FTCA) in AMG Capital Management LLC v. FTC, the Commission convened an open meeting to discuss the impact of this decision on their activities, […]
Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies
Localization requirements China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]
Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set out further compliance obligations on the cross-border transfer of personal information.[1] Before controllers (under the GDPR) […]
Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA
Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as: Can employers in the China store their Chinese employees’ personal information on databases hosted in foreign […]
Cooley Privacy Talks: European Data Transfers: Where Do We Stand Now?
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data protection frameworks arising in […]
New UK International Data Transfer Tools in Force Starting March 21
After being presented to the UK Parliament in February 2022, the UK’s new data transfer tools are now in force and ready for use.
FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition
The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in violation of its own privacy policy. […]
Fourth Proposed Revisions to the CCPA Regulations: Additional Minor Modifications
On December 10, 2020, the California Attorney General published a fourth set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February, March and October 2020. As a reminder, the CCPA is in effect and being enforced by both the California AG and the plaintiffs’ bar. Generally speaking, these modifications present relatively […]
A Methodology for Conducting Data Transfers in a Post Schrems II World
On November 10, 2020, the European Data Protection Board issued two new pieces of guidance. Read together, they outline a detailed methodology to follow when conducting data transfers under the EU General Data Protection Regulation – such guidance has been keenly anticipated following the Court of Justice for the European […]
CFIUS Rule Puts National Security Spotlight on Investments that Result in Foreign Access to Sensitive Personal Data
Personal data is now a strategic asset under federal regulations. On October 15, 2020, a Final Rule by the Committee on Foreign Investment in the United States (CFIUS or the Committee) will become effective, imposing new requirements for foreign investment in light of national security risks related to sensitive personal […]