Fourth Proposed Revisions to the CCPA Regulations: Additional Minor Modifications
On December 10, 2020, the California Attorney General published a fourth set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February, March and October 2020. As a reminder, the CCPA is in effect and being enforced by both the California AG and the plaintiffs’ bar. Generally speaking, these modifications present relatively […]
Regulating Big Data – European Commission Introduces Data Governance Bill
The European Commission published on November 25, 2020 a proposal for a Regulation on European Data Governance, also dubbed the Data Governance Act. It is one of several incoming pieces of legislation proposed at the EU level (including the Digital Services Act, expected in early December) in order to accomplish […]
Data Protection and Brexit: Key Areas to Consider
For better or for worse: 2020 is shortly coming to an end. This means that the end of the Brexit transition period is also just around the corner. Background On December 31, 2020, the post-Brexit transitional arrangements between the EU and the UK will expire. However, the EU GDPR will […]
A Methodology for Conducting Data Transfers in a Post Schrems II World
On November 10, 2020, the European Data Protection Board issued two new pieces of guidance. Read together, they outline a detailed methodology to follow when conducting data transfers under the EU General Data Protection Regulation – such guidance has been keenly anticipated following the Court of Justice for the European […]
California Voters Pass the California Privacy Rights Act of 2020
California voters appear to have approved Proposition 24, a proposal to adopt the California Privacy Rights Act of 2020 (CPRA). As of this posting, California voters had voted “yes” on the measure by a 55-44% margin with 71% of precincts reporting. Most major media outlets have projected that the measure […]
Third Proposed Revisions to the CCPA Regulations: New Illustrative Examples and Minor Changes
On October 12, 2020, the California Attorney General published a third set of proposed modifications to the regulations adopted pursuant to the California Consumer Privacy Act. This follows revisions proposed in February and March 2020 that were largely approved following review by the Office of Administrative Law. As a reminder, […]
CFIUS Rule Puts National Security Spotlight on Investments that Result in Foreign Access to Sensitive Personal Data
Personal data is now a strategic asset under federal regulations. On October 15, 2020, a Final Rule by the Committee on Foreign Investment in the United States (CFIUS or the Committee) will become effective, imposing new requirements for foreign investment in light of national security risks related to sensitive personal […]
Second Largest GDPR Fine Issued in Germany
On October 1, 2020, the Data Protection Authority of Hamburg (the Hamburg DPA) announced that it had fined a German subsidiary of the clothing retailer H&M (H&M Germany) €35.2 million (approximately US $41 million at the time of writing) for data protection violations relating to the excessive monitoring of “several […]
Swiss Data Protection Authority Finds Swiss-US Privacy Shield Inadequate
Key takeaways Switzerland aligns with the Schrems II decision +5,000 organizations impacted by the Swiss announcement Contractual and technical measures, on an ad hoc basis, could be put in place to adequately protect data Absent viable measures that meet Swiss law requirements, parties should not engage in cross-border data transfers […]
Cybersecurity Governance for Maturing Companies
With cyber resilience top of mind for investors, shareholders, regulators and the plaintiffs’ bar, growing organizations can no longer afford to put their cybersecurity efforts on the back burner. Building a cybersecurity program has become an essential element in the growth strategy. But where do you begin? Cooley’s cyber/data/privacy lawyers […]