Corporate Social Responsibility (“CSR”) and Environmental, Social, and Governance (“ESG”) practices have increasingly become priorities for many organizations as they assess their obligations to their employees, customers, and the broader community. As companies work towards meeting these CSR and ESG objectives, one focus area is data rights and data privacy. Data…
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions….
Regulation of the collection and use of biometric data is on the rise, a trend which is likely to continue through 2021 and beyond. Currently, three states have laws that regulate what private businesses can do with biometric data, and nearly a dozen other states and cities have proposed bills…
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently approved California Privacy Rights Act (“CPRA”), and will regulate how businesses (the VCDPA refers to businesses as “controllers”) collect and share…
The recent flurry of Biometric Information Privacy Act (BIPA) activity in California and elsewhere has called into question the effectiveness of an increasingly common defense to BIPA litigation in Illinois: that federal courts in Illinois do not have personal jurisdiction over companies headquartered and incorporated in other states, and conducting…
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research. In Key Takeaways from the Guidance, The EDPB: Confirmed that the informed consent that individuals must provide under ethical standards to participate in…
New York State Legislature Proposes Biometric Privacy Act On January 6, 2021, the New York state legislature proposed the Biometric Privacy Act (AB 27) to regulate the collection of biometric information by companies doing business in the state. The bill is currently in committee, and if enacted, New York would…