Search Results for:

European Top Court Confirms Companies Need to Name “Recipients” of Personal Data When Responding to Access Requests, Not Just Categories

On January 12, 2023, the Court of Justice of the European Union (“CJEU”) ruled in case C-154/21 | Österreichische Post AG that controllers must provide the specific identity of any “recipient” of personal data in response to a GDPR access request. While the GDPR itself states that controllers may inform…

Read More

EU Commission Publishes Draft Adequacy Decision on Privacy Shield 2.0

On December 13, 2022, the European Commission published a draft adequacy decision on the EU-US Data Privacy Framework (the “Framework”), the successor to the EU-US Privacy Shield Framework that was famously struck down by Europe’s top court two years ago. While the purpose of the draft adequacy decision, once adopted,…

Read More

President Biden Signs “Privacy Shield” Executive Order to Address European Concerns Over Surveillance Practices in the United States

UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…

Read More

The Sephora Case: Do Not Sell - But Are You Selling?

Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…

Read More

FTC Announces Advanced Notice of Proposed Rulemaking on Privacy and Data Security

On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…

Read More

U.S. and EU Reach Political Agreement On a New Trans-Atlantic Data Privacy Framework: The Implications for Businesses

On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…

Read More

Utah Passes Comprehensive Consumer Privacy Legislation

On March 24, 2022, Utah became the fourth U.S. state to adopt consumer data privacy legislation after Utah Gov. Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”).  The UCPA is largely based on the Virginia Consumer Data Protection Act (“VCDPA”). It regulates how a controller (defined by the UCPA…

Read More

CNIL Sets Parameters for Processors' Reuse of Data for Product Improvement

On January 12, 2022, the French data protection authority, Commission nationale de l’informatique et des libertés, issued guidance on the reuse of personal data by processors for their own purposes under the EU General Data Protection Regulation. The guidance addresses one of the most common — and hotly contested — aspects of…

Read More

EDPB Defines a "Transfer" Under the GDPR

On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation.  The Guidelines clarify one of the most vexing issues in…

Read More