All posts by Cooley

FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition

The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in violation of its own privacy policy. […]

Fourth Proposed Revisions to the CCPA Regulations: Additional Minor Modifications

On December 10, 2020, the California Attorney General published a fourth set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February, March and October 2020. As a reminder, the CCPA is in effect and being enforced by both the California AG and the plaintiffs’ bar. Generally speaking, these modifications present relatively […]

A Methodology for Conducting Data Transfers in a Post Schrems II World

On November 10, 2020, the European Data Protection Board issued two new pieces of guidance. Read together, they outline a detailed methodology to follow when conducting data transfers under the EU General Data Protection Regulation – such guidance has been keenly anticipated following the Court of Justice for the European […]

CFIUS Rule Puts National Security Spotlight on Investments that Result in Foreign Access to Sensitive Personal Data

Personal data is now a strategic asset under federal regulations. On October 15, 2020, a Final Rule by the Committee on Foreign Investment in the United States (CFIUS or the Committee) will become effective, imposing new requirements for foreign investment in light of national security risks related to sensitive personal […]

Swiss Data Protection Authority Finds Swiss-US Privacy Shield Inadequate

Key takeaways Switzerland aligns with the Schrems II decision +5,000 organizations impacted by the Swiss announcement Contractual and technical measures, on an ad hoc basis, could be put in place to adequately protect data Absent viable measures that meet Swiss law requirements, parties should not engage in cross-border data transfers […]

California Legislature Passes One-Year Extension of CCPA’s Human Resources and B2B Exemptions

On August 30, 2020, the California Legislature passed Assembly Bill 1281, which would extend until January 1, 2022 the exemptions under the California Consumer Privacy Act for certain human resources and business-to-business information. Governor Newsom has until September 30, 2020 to sign or veto AB 1281. If the governor takes […]

New York Department of Financial Services Launches Enforcement of Cybersecurity Rules

The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.

LGPD Update: Brazil’s Data Protection Law Moves Closer to Taking Effect

Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD) (English translation available here), took a significant step forward on August 26, 2020, when the Brazilian Senate rejected the Chamber of Deputies’ proposal to postpone the LGPD’s effective date until December 31, 2020. The Senate also adopted a proposal […]

CCPA Regulations Take Effect August 14, 2020, California AG Announces Final Revisions

On August 14, 2020, the California Attorney General announced that the state’s Office of Administrative Law approved the AG’s proposed regulations pursuant to the California Consumer Privacy Act. The final regulations, which took immediate effect on the day of the announcement, reflect the withdrawal of the following provisions (as well […]

Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements

In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]