European Parliament Debates the Impact of Schrems 2 on EU-US Data Transfers
On 3 September 2020, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) held a debate with the EU Commission, the European Data Protection Board and Max Schrems himself to discuss the impact of the Court of Justice of the European Union judgment in the […]
California Legislature Passes One-Year Extension of CCPA’s Human Resources and B2B Exemptions
On August 30, 2020, the California Legislature passed Assembly Bill 1281, which would extend until January 1, 2022 the exemptions under the California Consumer Privacy Act for certain human resources and business-to-business information. Governor Newsom has until September 30, 2020 to sign or veto AB 1281. If the governor takes […]
New York Department of Financial Services Launches Enforcement of Cybersecurity Rules
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.
LGPD Update: Brazil’s Data Protection Law Moves Closer to Taking Effect
Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD) (English translation available here), took a significant step forward on August 26, 2020, when the Brazilian Senate rejected the Chamber of Deputies’ proposal to postpone the LGPD’s effective date until December 31, 2020. The Senate also adopted a proposal […]
CCPA Regulations Take Effect August 14, 2020, California AG Announces Final Revisions
On August 14, 2020, the California Attorney General announced that the state’s Office of Administrative Law approved the AG’s proposed regulations pursuant to the California Consumer Privacy Act. The final regulations, which took immediate effect on the day of the announcement, reflect the withdrawal of the following provisions (as well […]
Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements
In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]
Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US
On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer personal data from the EU to the US.
CCPA Round-Up: Enforcement Begins; “CCPA 2.0” Qualifies for November Ballot; Facebook Updates CCPA Stance
The California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) took effect today, July 1, 2020, after a busy week of CCPA-related developments that included: The California Privacy Rights Act of 2020 (aka “CCPA 2.0”) qualifying for California’s November 3, 2020 General Election ballot; and Facebook’s announcement […]
California Attorney General Submits Final CCPA Regulations for Review
On June 1, the California Attorney General submitted its final proposed regulations implementing the CCPA to the California Office of Administrative Law (OAL) for its review and approval. The final regulations contain no material changes from the second modified draft regulations issued on March 11, 2020 (which is discussed in […]
Workplace Testing and Data Protection: Guidance for Employers
As the UK begins to ease lockdown measures, employers in all sectors are considering how their employees can return to work in the safest possible way. For many, this will include testing to check whether employees have (or have already had) COVID-19. Any employer wishing to carry out such testing […]