Tag: CCPA
CFPB Announces Plans to Extend FCRA to Data Brokers through Rulemaking
At an August 15, 2023, White House roundtable, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced plans to issue rules that would extend the Fair Credit Reporting Act (FCRA) to certain “data broker practices.” This announcement and a concurrently issued fact sheet come on the heels of a March […]
California Attorney General Announces Investigative Sweep Focused on Employment-Related Data
On July 14, 2023, the office of the California attorney general announced an investigative sweep of “large California employers” to request “information on the companies’ compliance with the California Consumer Privacy Act (CCPA) with respect to the personal information of employees and job applicants.” The attorney general has previously conducted […]
California Legislature Declines to Extend the CCPA’s HR and B2B Exemptions
Last week, the California Legislature adjourned its 2022 legislative session without passing proposed legislation (AB 2871, AB 2891, SB 1454, AB 1102) that would have extended or made permanent exemptions under the California Consumer Privacy Act (CCPA) applicable to personal information collected in human resources (HR) and business-to-business (B2B) contexts. […]
California Attorney General Announces $1.2 Million CCPA Settlement With Sephora Amid Ongoing Enforcement Sweep
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora to resolve allegations that it violated the California Consumer Privacy Act (CCPA) and failed to cure those violations within the CCPA’s 30-day cure period.
Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies
Localization requirements China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]
Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set out further compliance obligations on the cross-border transfer of personal information.[1] Before controllers (under the GDPR) […]
Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA
Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as: Can employers in the China store their Chinese employees’ personal information on databases hosted in foreign […]
Cooley Privacy Talks: Overview of Privacy Enforcement Actions in the US and EU
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data protection frameworks arising in […]
Takeaways from the California Attorney General’s First-Year CCPA Enforcement Update
Just over one year ago, on July 1, 2020, the California attorney general began enforcing the California Consumer Privacy Act. To mark the one-year anniversary of enforcement actions, California Attorney General Rob Bonta provided an update on his office’s CCPA enforcement efforts over the past year (and published an accompanying […]
Global Privacy Roundup: The World Beyond Europe and California
Since Europe’s General Data Protection Regulation took effect in May 2018, a growing number of legislatures around the world have introduced comprehensive data protection laws that emulate the GDPR or have updated existing laws to align with it. California became the first major non-European economy to catch the GDPR wave […]