Melinda L. McLellan

Subscribe to all posts by Melinda L. McLellan

International Data Protection Update – First Quarter 2021

This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months. Europe, the Middle East and Africa Cookies and Tracking Technologies – On March 31, 2021, the revised guidelines on cookies and trackers from the French data protection authority, … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

5 Key Things to Know about the Landmark Schrems II Decision

Quick Links CJEU Press Release CJEU Decision Press Releases from the Parties Irish Data Protection Commission Max Schrems U.S. Department of Commerce Electronic Privacy Information Center (EPIC) BSA The Software Alliance DIGITALEUROPE 1. Is the EU-U.S. Privacy Shield framework dead? Yes, the Privacy Shield framework has been invalidated. The Court of Justice of the European … Continue Reading

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO). This decision should cause entities to reconsider appointing … Continue Reading

Focus on Children’s Privacy Intensifies as Daily Life Moves Online

With physical schools closed indefinitely, classrooms have moved online, either introducing or significantly expanding children’s use of virtual education technology and highlighting certain privacy concerns. Responding to this evolving environment, on April 9 the Federal Trade Commission (FTC) issued COPPA Guidance for Ed Tech Companies and Schools during the Coronavirus to address some common compliance … Continue Reading

The Privacy Governance and Technology Transactions Team

The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Assets and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on display in its latest Practice Group, Digital Asset and Data Management (DADM), which offers holistic, enterprise-wide risk … Continue Reading

Following SCOTUS Cert Denial, Facebook Settles BIPA Case for $550 Million

One decision, two far-reaching effects. This aptly describes the Supreme Court’s Jan. 21, 2020, decision to deny Facebook’s petition for certiorari in Patel v. Facebook. The Supreme Court’s denial spelled an end to Facebook’s nearly five-year quest to dismiss this case, which began in August 2015 when three Facebook users filed a consolidated putative class action alleging that … Continue Reading

CCPA Exceptions: What Qualifies as Activity ‘Wholly Outside’ of California?

Much has been said about the scope of the California Consumer Privacy Act (CCPA) and the far-reaching implications the law will have on businesses throughout the United States. Although it is true that the territorial reach of the law is broad, it is not without limits. The CCPA explicitly includes a geographic exception that may … Continue Reading

CCPA Amendment Progress Report: July Update

As we reported in April, May and June, a number of potentially significant amendments to the California Consumer Privacy Act (CCPA) continue to make their way through the state legislative process. Below we provide a summary of recent developments from earlier this month, including changes that may materially affect how businesses approach their CCPA compliance … Continue Reading

EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and … Continue Reading

In BIPA’s Wake, a Wave of New Biometric Privacy Proposals

Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired in part by the Illinois Biometric Information Privacy Act (BIPA), which has been the subject of significant … Continue Reading

The California Consumer Privacy Act: Frequently Asked Questions

The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Among the many differences between the CCPA … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework.  This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

Wearables in The Arena: The Shifting Legal Landscape Governing Fitness Trackers in Professional Sports

The use of wearable technology (colloquially known as “wearables”) has been on the radar of athletes, sponsors, sports teams and leagues for years, with the various constituencies carefully balancing the necessity for player privacy with growing professional and financial interests. Following the Supreme Court’s decision in Murphy v. NCAA, which overturned the Professional and Amateur … Continue Reading

Canadian Breach Notification Requirements Take Effect November 1

On April 18, 2018, the Canadian government published long-awaited Breach of Security Safeguards Regulations specifying the requirements for notifying the Office of the Privacy Commissioner and affected individuals of data breaches that pose a “real risk of significant harm.” The Regulations will come into force on November 1. As we previously reported, the Digital Privacy Act, … Continue Reading

Court Limits 2015 Text Marketing Rules, Gives New FCC an Opportunity to Provide Clarity

On March 16, the D.C. Circuit issued a long-awaited decision in a challenge to the Federal Communications Commission’s July 10, 2015 Declaratory Ruling and Order regarding the Telephone Consumer Protection Act (the July 2015 Order). We have previously explained the challenges created by the July 2015 Order here and here. On the whole, the unanimous 3-0 Decision offers some good … Continue Reading

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

From the Mouths of Babes: FTC Issues COPPA Enforcement Policy Regarding Voice Recordings

On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading

Privacy Shield Update: Ahead of First Joint Review, Europeans Remain Skeptical as FTC Announces Enforcement Actions

On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading

SEC Cybersecurity Risk Alert Emphasizes Proactive Compliance and Ongoing Vigilance

On August 7, 2017, the Securities and Exchange Commission (SEC) released its latest cybersecurity risk alert, detailing findings from the examination of 75 broker-dealers, investment advisers and investment companies carried out by its Office of Compliance Inspections and Examinations (OCIE) pursuant to its 2015 cybersecurity examination initiative. In contrast with the previous round of examinations, … Continue Reading

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016.  Similar to its predecessors, the new Nevada … Continue Reading

New York DFS Updates FAQs to Clarify Applicability of Cybersecurity Regulation

With the first compliance deadline now less than two months away, the New York Department of Financial Services (NYDFS) has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) by publishing an update to previously issued Frequently Asked Questions. We reported on the forthcoming Cybersecurity Regulation in January and … Continue Reading

Washington State Passes Legislation Governing the Use of Biometric Information

Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect, use, disclose and retain biometric information. House Bill 1493 applies to entities that “enroll a biometric identifier in a database for a commercial purpose” and includes requirements to provide notice to individuals … Continue Reading
LexBlog