Search Results: Data Privacy in Transactions and Agreements

Latest EDPB Opinion: What You Need to Know About Using Processors and Sub-Processors

On October 9, 2024, the European Data Protection Board (“EDPB”) issued an Opinion 22/2024, offering guidance on the use of processors and sub-processors by controllers. Here are the key takeaways: If Your Business Acts as a Controller You Make the Final Call: Your processor might recommend using a particular sub-processor,…

Read More

Texas’ New Privacy Law Goes Into Effect – and Attorney General Builds Enforcement Team

Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town. On July 1, Texas’ Data Privacy and Security Act goes into effect as one of the strongest…

Read More

College Board Settles for $750,000 Penalty for Sharing and Selling Student Data in Violation of New York State’s Student Privacy Law

On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York…

Read More

Data Privacy Day 2024: What’s Hot in Privacy? Everything

This year, Data Privacy Day, January 28, fell on a Sunday, allowing us extra time to contemplate – between NFL championship games – the top ten things to keep your eyes on in US privacy in 2024. The coming year will continue to feature a dizzying pace of developments, including…

Read More

Goodwin’s 2024 Data, Privacy & Cybersecurity Outlook

As we kick off 2024, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. Will AI continue to be the trendsetter, even among privacy regulators? And what will businesses do to keep up to date with all emerging laws,…

Read More

Delaware Personal Data Privacy Act: What Businesses Need to Know

On September 11, 2023, Delaware Governor John Carney signed House Bill No. 154, referred to as the Delaware Personal Data Privacy Act (DPDPA), into law. With the passage of the DPDPA, Delaware became the thirteenth state to adopt a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA…

Read More

EU Court of Justice Confirms GDPR Security Measures Can Be “Appropriate” Even If Not Foolproof

On December 14, 2023, the EU Court of Justice (“CJEU”) issued its first ever ruling on the scope of data security requirements under the GDPR. In VB v. NAP, the CJEU held that an organization is not liable for a security breach unless it failed to implement appropriate security measures….

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of October 30, 2023

Case Law Updates and Fines On May 29, 2023, the Hellenic Data Protection Authority (HDPA) published Decision No. 20/2023, in which it fined WIND Hellas Telecommunications S.A. (now NOVA Telecommunications & Media Monoprosopi SA) €150,000, for violations of the General Data Protection Regulation (GDPR), following a complaint. You can read the press release here and the…

Read More

New Swiss Data Protection Law Will Become Effective September 1st, 2023 – What You Need to Know

On September 25, 2020, the Swiss Parliament approved revisions to Switzerland’s data protection law, the Federal Act on Data Protection of June 19, 1992 or FADP (“Revised FADP”). On August 31, 2022, the Swiss Federal Council decided that the Revised FADP will be brought into force on September 1st, 2023…

Read More

CNIL Sets Parameters for Processors' Reuse of Data for Product Improvement

On January 12, 2022, the French data protection authority, Commission nationale de l’informatique et des libertés, issued guidance on the reuse of personal data by processors for their own purposes under the EU General Data Protection Regulation. The guidance addresses one of the most common — and hotly contested — aspects of…

Read More