Breach of Patients’ Data Leads to Heavy Sanctions in France
At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of investigation, CNIL has published its decision (available in French only) imposing a fine […]
Companies Respond to SEC’s Proposed Cybersecurity Disclosure Framework
As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9, 2022, and the SEC received 100+ comments from business, legal, nonprofit and government sectors. While the […]
EU Data Governance Act: Europe Regulating Big Data
What you need to know in a nutshell The Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance will go by its short name: Data Governance Act (DGA). The DGA was published in the Official Journal of the European Union […]
FTC Commissioners Ponder Future of Section 13(b) and Alternative Enforcement Mechanisms
Nearly a year after the Supreme Court stripped the FTC of its ability to obtain equitable monetary relief under Section 13(b) of the Federal Trade Commission Act (FTCA) in AMG Capital Management LLC v. FTC, the Commission convened an open meeting to discuss the impact of this decision on their activities, […]
Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies
Localization requirements China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]
Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set out further compliance obligations on the cross-border transfer of personal information.[1] Before controllers (under the GDPR) […]
Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA
Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as: Can employers in the China store their Chinese employees’ personal information on databases hosted in foreign […]
Cooley Privacy Talks: European Data Transfers: Where Do We Stand Now?
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data protection frameworks arising in […]
New UK International Data Transfer Tools in Force Starting March 21
After being presented to the UK Parliament in February 2022, the UK’s new data transfer tools are now in force and ready for use.
Data Act: EU Proposes Rules for Accessing and Sharing Industrial Data
On February 23, 2022, the European Commission published its proposal for the Data Act, which aims to maximize the value of industrial data in the economy by ensuring that a wider range of stakeholders gain control over their industrial data – and that more data is available for innovative use […]