New York Passes Two Laws Protecting Employee Privacy

The city and state governments of New York each recently passed laws to protect employee privacy ­– one law addressing use of automated decision-making tools in job interviews and promotions, and the other addressing electronic monitoring of employee communications.

France Issues Processor Guidelines on “Reusing Personal Data to Improve or Develop Services or Products”

On January 12, 2022, the French Data Protection Authority (CNIL) issued guidance (available in French only) that sets out the conditions for processors to reuse the personal data entrusted by controllers for their own purposes. The CNIL notably refers to a scenario where a processor wants to reuse the personal […]

New UK International Data Transfer Tools Presented to UK Parliament

Background Standard contractual clauses are one of the key tools relied upon by organizations that transfer personal data to recipients in ‘inadequate’ countries under the UK and/or the EU General Data Protection Regulation. However, unlike in the European Union – where new SCCs were adopted in 2021 (the “New EU […]

Cooley Privacy Talks: Reconciling the GDPR With the Clinical Trial Regulation (CTR)

This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data protection frameworks […]

‘Controller,’ ‘Processor’ and ‘Transfer’: Some GDPR Concepts Re-Explained

Happy Data Privacy Day! Many companies are still struggling with some basic concepts of the General Data Protection Regulation, such as “controller,” “processor” and “transfer” of personal data. The European Data Protection Board (EDPB) has tried to shed some light on these concepts in its guidelines on the concepts of […]

PRC’s New Efforts to Facilitate Data Trading: Shanghai Data Exchange Kicks Off Trading

The new year ushered in a new way to commoditize personal data: the Shanghai Data Exchange (SDE). With the Personal Information Protection Law (PIPL) becoming effective on November 1, 2021 – as well as the Data Security Law (DSL) effective September 1, 2021, and the Cybersecurity Law (CSL) effective June […]

You’re Invited: Privacy Talks – Session 3 – Overview of Privacy Enforcement Actions in the US and EU

Join cyber/data/privacy vice chair and partner Patrick Van Eecke, partner, Tiana Demas and associate, Claire Blakey on Tuesday, January 11, 2022 from 9:00 am – 10:00 am Pacific Standard Time as they discuss “Overview of Privacy Enforcement Actions in the US and EU.” The lawyers will address the following questions: […]

Cooley Privacy Talks: UK Privacy Update

This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data protection frameworks […]

French Data Protection Authority CNIL on a Hunt for Cookies

France’s data protection authority (CNIL) has proved again its determination to continue its enforcement strategy by issuing some 30 new formal notices to comply with its new guidelines on cookies on December 14, 2021. Previously, about 60 organizations were served with formal notices for not allowing website visitors to refuse […]

36-Hour Breach Notification Rule to Go into Effect for Banking Organizations

On November 18, 2021, three US agencies – the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB) and the Federal Deposit Insurance Corporation (FDIC) – issued a joint rule concerning computer-security incident notifications, which will go into effect on April 1, 2022, with a full […]