Swiss Data Protection Authority Finds Swiss-US Privacy Shield Inadequate
Key takeaways Switzerland aligns with the Schrems II decision +5,000 organizations impacted by the Swiss announcement Contractual and technical measures, on an ad hoc basis, could be put in place to adequately protect data Absent viable measures that meet Swiss law requirements, parties should not engage in cross-border data transfers […]
Cybersecurity Governance for Maturing Companies
With cyber resilience top of mind for investors, shareholders, regulators and the plaintiffs’ bar, growing organizations can no longer afford to put their cybersecurity efforts on the back burner. Building a cybersecurity program has become an essential element in the growth strategy. But where do you begin? Cooley’s cyber/data/privacy lawyers […]
European Parliament Debates the Impact of Schrems 2 on EU-US Data Transfers
On 3 September 2020, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) held a debate with the EU Commission, the European Data Protection Board and Max Schrems himself to discuss the impact of the Court of Justice of the European Union judgment in the […]
California Legislature Passes One-Year Extension of CCPA’s Human Resources and B2B Exemptions
On August 30, 2020, the California Legislature passed Assembly Bill 1281, which would extend until January 1, 2022 the exemptions under the California Consumer Privacy Act for certain human resources and business-to-business information. Governor Newsom has until September 30, 2020 to sign or veto AB 1281. If the governor takes […]
New York Department of Financial Services Launches Enforcement of Cybersecurity Rules
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.
LGPD Update: Brazil’s Data Protection Law Moves Closer to Taking Effect
Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD) (English translation available here), took a significant step forward on August 26, 2020, when the Brazilian Senate rejected the Chamber of Deputies’ proposal to postpone the LGPD’s effective date until December 31, 2020. The Senate also adopted a proposal […]
CCPA Regulations Take Effect August 14, 2020, California AG Announces Final Revisions
On August 14, 2020, the California Attorney General announced that the state’s Office of Administrative Law approved the AG’s proposed regulations pursuant to the California Consumer Privacy Act. The final regulations, which took immediate effect on the day of the announcement, reflect the withdrawal of the following provisions (as well […]
Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements
In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]
Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US
On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer personal data from the EU to the US.
CCPA Round-Up: Enforcement Begins; “CCPA 2.0” Qualifies for November Ballot; Facebook Updates CCPA Stance
The California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) took effect today, July 1, 2020, after a busy week of CCPA-related developments that included: The California Privacy Rights Act of 2020 (aka “CCPA 2.0”) qualifying for California’s November 3, 2020 General Election ballot; and Facebook’s announcement […]