Category: Policy & Legislation

Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements

In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]

Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US

On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer personal data from the EU to the US.

CCPA Round-Up: Enforcement Begins; “CCPA 2.0” Qualifies for November Ballot; Facebook Updates CCPA Stance

The California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) took effect today, July 1, 2020, after a busy week of CCPA-related developments that included: The California Privacy Rights Act of 2020 (aka “CCPA 2.0”) qualifying for California’s November 3, 2020 General Election ballot; and Facebook’s announcement […]

California Attorney General Submits Final CCPA Regulations for Review

On June 1, the California Attorney General submitted its final proposed regulations implementing the CCPA to the California Office of Administrative Law (OAL) for its review and approval. The final regulations contain no material changes from the second modified draft regulations issued on March 11, 2020 (which is discussed in […]

How the CLOUD Act is Likely to Trigger Legal Challenges

New York Law Journal “The CLOUD Act is about to stir up a legal storm. The act was originally passed in March 2018 to ensure US law enforcement officials could obtain information from US-based communications providers even if that information is stored overseas. But the act has another, more controversial provision: […]

Rigorous Privacy and InfoSec Requirements May Be in Store for Companies That Accept Government Equity Stakes

Federal government agencies, government-controlled corporations and some government contractors must comply with robust federal laws that govern federal agencies’ privacy and information security practices – the Privacy Act and FISMA, respectively. Now, these laws may apply to companies that accept federal government aid under the Coronavirus Aid, Relief, and Economic […]

Round 3: California AG Revises Proposed CCPA Regulations

On March 11, 2020, the California Attorney General released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act. These modifications include important updates to the first round of modifications that were released on February 10, 2020. We have summarized the notable changes below.

Round 2: California AG Revises Proposed CCPA Regulations

On February 7 and 10, 2020, the California Attorney General released modifications to the proposed regulations implementing the California Consumer Privacy Act. The modifications substantially revise the initial version of the proposed regulations released last October. Notable changes focus on the following topics:  Definitions of “personal information” and other key […]

Data Protection Post-Brexit: Business as Usual (at Least Until 2021)

The United Kingdom left the European Union at 11:00 pm on January 31, 2020. However, the UK has entered into transitional arrangements with the EU under which the existing data protection frameworks established by the GDPR, including the EU-US Privacy Shield, will continue to apply until December 31, 2020 (the period until […]

Schrems 2.0 – The Advocate General’s Opinion

Background The Court of Justice of the European Union Advocate General issued his much‑anticipated opinion in the case commonly known as “Schrems 2.0.”   The AG’s opinion is not legally binding. However, it is likely to influence the CJEU’s decision in the case, which is expected to be handed down […]