Tag Archives: GDPR

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

International Data Protection Update – Summer 2021

By Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on September 21, 2021 Posted in Data Protection, Enforcement, EU, GDPR, International Privacy Law

This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of China passed two new data protection laws. The Data Security Law (DSL) passed in June … Continue Reading

Updated EU Standard Contractual Clauses Are Finally Here

By Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on June 8, 2021 Posted in EU, GDPR

On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs. The new SCCs resolve certain practical issues companies faced when using the older versions but … Continue Reading

Privacy and Product Counseling: 2020 in Review

By Kyle R. Fath, Gerald J. Ferguson and Nichole Sterling on December 17, 2020 Posted in Privacy

Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

By Melinda L. McLellan and Nichole Sterling on November 19, 2020 Posted in EU, GDPR

Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

Nevada Adds “Do Not Sell” Requirement to Privacy Law

By Shea M. Leitch and Alan L. Friel on June 5, 2019 Posted in CCPA, Consumer Data, GDPR

Last week, Nevada Governor Steve Sisolak signed new privacy legislation into law in Nevada. Senate Bill 220 (SB-220) updates Nevada Revised State 603A to provide consumers a new right to opt out of the sale of their data. Effective Oct. 1, 2019, the new law will come into effect prior to the more comprehensive California … Continue Reading

EU Regulators Increase Focus on Cookie Practices

By Laura E. Jehl, Kyle R. Fath, Jean Shin and Monique Matar on March 14, 2019 Posted in Enforcement, GDPR

In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), … Continue Reading

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

By Laura E. Jehl, Kyle R. Fath and Jaime B. Petenko on January 31, 2019 Posted in EU-U.S. Privacy Shield Framework, International Privacy Law

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading

Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available

By Laura E. Jehl and Jaime B. Petenko on January 28, 2019 Posted in GDPR, International Privacy Law

Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European Union (EU) supervisory authorities within 72 hours of becoming aware of the breach if it is likely to result in a … Continue Reading

Advocate General Opinion Supports Limiting the “Right to be Forgotten” to the EU

By Laura E. Jehl, Emily R. Fedeles and Nichole Sterling on January 23, 2019 Posted in GDPR, International Privacy Law

On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU. The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issues presented … Continue Reading

NFA’s Amended Cybersecurity Guidance Includes New Incident Reporting Requirement

By Jonathan A. Forman on January 17, 2019 Posted in Cybersecurity, Incident Response

Following other regulators, the National Futures Association (NFA) recently amended its cybersecurity guidance to, among other things, impose a new cybersecurity incident reporting requirement on members. Cybersecurity Incident Reporting. According to the amended guidance, members will be required to report to NFA any cybersecurity incident related to the member’s commodity interest business that resulted in … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

By Melinda L. McLellan, Emily R. Fedeles and Kyle R. Fath on January 2, 2019 Posted in EU-U.S. Privacy Shield Framework, International Privacy Law, Online Privacy, Privacy Litigation

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework. This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

New FTC Provides Insights Into Its Plan for a Balanced Approach to Data Privacy and Security

By Alan L. Friel, John Busch and Carolina Alonso on December 19, 2018 Posted in Federal Legislation, GDPR, Online Privacy

This year brought unprecedented focus on consumer privacy – the rollout of the European Union General Data Protection Regulation (GDPR), the Cambridge Analytica controversy and Congressional hearings, a GDPR-light law coming out of California, more and bigger security incidents, and multiple proposals for an omnibus federal data protection law. The Federal Trade Commission (FTC or … Continue Reading

The Weekly Privacy Rewind

By Aaron Lancaster on December 5, 2018 Posted in Weekly Privacy Rewind

GDPR European Regulators Fine Uber Over 2016 Data Breach • British and Dutch privacy regulators issued fines totaling approximately $1.2 million against ride-hailing company Uber over its 2016 data breach. • According to the U.K.’s Information Commissioner’s Office, “a series of avoidable data security flaws” led to the exposure of personal information of approximately 2.7 … Continue Reading