The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to put in place to use Standard Contractual Clauses and Binding Corporate Rules.
In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.
In a ground-breaking opinion issued today, the Court of Justice of the European Union invalidated the EU-US Privacy Shield Decision as a method for transferring personal data from the EU to the US. In short, the Decision was invalidated over Privacy Shield’s failure to adequately address US government surveillance activities.
According to multiple sources, a bipartisan group of Senators plan to introduce a bill to regulate the use of contact-tracing and exposure notification apps. The bill, entitled the “Exposure Notification Privacy Act” is the latest in a series of bills that seek to regulate these new apps. The new bipartisan bill raises hopes that federal privacy legislation (albeit on a limited issue) may finally pass.
Although it is unclear whether the forthcoming bill has any chance of becoming law, it is further evidence that companies need to consider the significant privacy issues and risks associated with implementing COVID-19-related technology.
On April 30, 2020, a group of four Republican Senators announced their plan to introduce federal privacy legislation that would regulate the collection and use of personal information relating to the fight against the Coronavirus pandemic. How would the proposed bill, COVID-19 Consumer Data Protection Act, attempt to solve privacy concerns?
On Friday, February 28, 2020 the Washington House Innovation, Technology & Economic Development Committee (ITED) voted to pass a strengthened version of the Washington Privacy Act (WPA) out of committee. On February 14, the Washington Senate voted overwhelmingly to pass the WPA. Yet, after moving to the House, the WPA encountered substantial resistance from privacy advocates. At a public hearing on February 21, 2020 privacy advocates argued against the WPA’s lack of a private right of action, facial recognition provisions and preemption of local laws, among other things.
In a prior article, we analyzed Articles 1 through 4 of the California Attorney General’s proposed California Consumer Privacy Act (“CCPA”) regulations. This article discusses Article 5 (Special Rules Regarding Minors) and Article 6 (Non-Discrimination). The CCPA went into effect on January 1, 2020, which means that businesses should, at a minimum, be updating their online privacy policies and accepting and responding to consumer requests.
On October 10, 2019, the California Attorney General's office published its long-awaited proposed California Consumer Privacy Act (CCPA) regulations. What are they, and what should enterprises do to achieve compliance and avoid costly fines?
On October 10, 2019, the California Attorney General’s (AG) office published its long-awaited proposed California Consumer Privacy Act (CCPA) regulations. The AG’s office also announced that it will hold public hearings on the regulations on December 2-5.