On September 25, 2020, the Swiss Parliament approved revisions to Switzerland’s data protection law, the Federal Act on Data Protection of June 19, 1992 or FADP (“Revised FADP”). On August 31, 2022, the Swiss Federal Council decided that the Revised FADP will be brought into force on September 1st, 2023…
On January 12, 2022, the French data protection authority, Commission nationale de l’informatique et des libertés, issued guidance on the reuse of personal data by processors for their own purposes under the EU General Data Protection Regulation. The guidance addresses one of the most common — and hotly contested — aspects of…
In a draft opinion published today, the Israeli Privacy Protection Authority (IPPA) relaxed one of the most stringent requirements under Israel’s data protection law, which for years cast doubts over the legality of any onward transfer in case of a data transfer from Israel. The opinion states that onward transfers…
Authored by: Nicholas Losurdo and Christopher Grobbel The SEC recently solicited public comment on digital engagement practices (DEPs) used by some broker-dealers and investment advisers, including predictive data analytics, differential marketing, and behavioral prompts (such as gamification). The public comment window closes October 1, 2021. Comments letters submitted already are available here—viewpoints run…
The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…
Goodwin is thrilled to welcome Omer Tene and Lore Leitner to the data + privacy + cybersecurity group! More info
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…
Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them. While responding to any request to exercise CCPA rights creates its own set of challenges, one right in particular – the right to…
New York City tenants harboring “big brother” concerns over landlords abusing data collected through smart access (i.e., keyless entry) systems will soon be able to rest easier. Following California, Virginia, and the British Virgin Islands, the New York City Council recently became the latest legislative body to pass privacy legislation with the Tenant Data…
Corporate Social Responsibility (“CSR”) and Environmental, Social, and Governance (“ESG”) practices have increasingly become priorities for many organizations as they assess their obligations to their employees, customers, and the broader community. As companies work towards meeting these CSR and ESG objectives, one focus area is data rights and data privacy. Data…