Melinda L. McLellan


International Data Protection Update

This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance, regulatory enforcement actions, and data protection laws in Canada, China, India and Saudi Arabia. Russia’s Attack on Ukraine Government cybersecurity agencies worldwide are … Continue Reading

International Data Protection Update – Summer 2021

This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of China passed two new data protection laws. The Data Security Law (DSL) passed in June … Continue Reading

Updated EU Standard Contractual Clauses Are Finally Here

On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs. The new SCCs resolve certain practical issues companies faced when using the older versions but … Continue Reading

Highly Anticipated SCOTUS Ruling Upends TCPA Landscape

In a landmark decision issued April 1, 2021, the Supreme Court settled a hotly-contested debate over the definition of “automatic telephone dialing system” (or “autodialer”) under the 1991 Telephone Consumer Privacy Act (“TCPA”). The Court’s decision is likely to upend the TCPA compliance and litigation landscape, as the law’s private right of action coupled with … Continue Reading

International Data Protection Update – First Quarter 2021

This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months. Europe, the Middle East and Africa Cookies and Tracking Technologies – On March 31, 2021, the revised guidelines on cookies and trackers from the French data protection authority, … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

5 Key Things to Know about the Landmark Schrems II Decision

Quick Links CJEU Press Release CJEU Decision Press Releases from the Parties Irish Data Protection Commission Max Schrems U.S. Department of Commerce Electronic Privacy Information Center (EPIC) BSA The Software Alliance DIGITALEUROPE 1. Is the EU-U.S. Privacy Shield framework dead? Yes, the Privacy Shield framework has been invalidated. The Court of Justice of the European … Continue Reading

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO). This decision should cause entities to reconsider appointing … Continue Reading

Focus on Children’s Privacy Intensifies as Daily Life Moves Online

With physical schools closed indefinitely, classrooms have moved online, either introducing or significantly expanding children’s use of virtual education technology and highlighting certain privacy concerns. Responding to this evolving environment, on April 9 the Federal Trade Commission (FTC) issued COPPA Guidance for Ed Tech Companies and Schools during the Coronavirus to address some common compliance … Continue Reading

The Privacy Governance and Technology Transactions Team

The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Assets and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on display in its latest Practice Group, Digital Asset and Data Management (DADM), which offers holistic, enterprise-wide risk … Continue Reading

Following SCOTUS Cert Denial, Facebook Settles BIPA Case for $550 Million

One decision, two far-reaching effects. This aptly describes the Supreme Court’s Jan. 21, 2020, decision to deny Facebook’s petition for certiorari in Patel v. Facebook. The Supreme Court’s denial spelled an end to Facebook’s nearly five-year quest to dismiss this case, which began in August 2015 when three Facebook users filed a consolidated putative class action alleging that … Continue Reading

CCPA Exceptions: What Qualifies as Activity ‘Wholly Outside’ of California?

Much has been said about the scope of the California Consumer Privacy Act (CCPA) and the far-reaching implications the law will have on businesses throughout the United States. Although it is true that the territorial reach of the law is broad, it is not without limits. The CCPA explicitly includes a geographic exception that may … Continue Reading

CCPA Amendment Progress Report: July Update

As we reported in April, May and June, a number of potentially significant amendments to the California Consumer Privacy Act (CCPA) continue to make their way through the state legislative process. Below we provide a summary of recent developments from earlier this month, including changes that may materially affect how businesses approach their CCPA compliance … Continue Reading

EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and … Continue Reading

In BIPA’s Wake, a Wave of New Biometric Privacy Proposals

Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired in part by the Illinois Biometric Information Privacy Act (BIPA), which has been the subject of significant … Continue Reading

The California Consumer Privacy Act: Frequently Asked Questions

The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Among the many differences between the CCPA … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework. This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

Wearables in The Arena: The Shifting Legal Landscape Governing Fitness Trackers in Professional Sports

The use of wearable technology (colloquially known as “wearables”) has been on the radar of athletes, sponsors, sports teams and leagues for years, with the various constituencies carefully balancing the necessity for player privacy with growing professional and financial interests. Following the Supreme Court’s decision in Murphy v. NCAA, which overturned the Professional and Amateur … Continue Reading

Canadian Breach Notification Requirements Take Effect November 1

On April 18, 2018, the Canadian government published long-awaited Breach of Security Safeguards Regulations specifying the requirements for notifying the Office of the Privacy Commissioner and affected individuals of data breaches that pose a “real risk of significant harm.” The Regulations will come into force on November 1. As we previously reported, the Digital Privacy Act, … Continue Reading

Court Limits 2015 Text Marketing Rules, Gives New FCC an Opportunity to Provide Clarity

On March 16, the D.C. Circuit issued a long-awaited decision in a challenge to the Federal Communications Commission’s July 10, 2015 Declaratory Ruling and Order regarding the Telephone Consumer Protection Act (the July 2015 Order). We have previously explained the challenges created by the July 2015 Order here and here. On the whole, the unanimous 3-0 Decision offers some good … Continue Reading

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

From the Mouths of Babes: FTC Issues COPPA Enforcement Policy Regarding Voice Recordings

On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading

Privacy Shield Update: Ahead of First Joint Review, Europeans Remain Skeptical as FTC Announces Enforcement Actions

On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading