On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions….
Regulation of the collection and use of biometric data is on the rise, a trend which is likely to continue through 2021 and beyond. Currently, three states have laws that regulate what private businesses can do with biometric data, and nearly a dozen other states and cities have proposed bills…
The UK Information Commissioner’s Office (“ICO”) has published a letter sent to the U.S. Securities and Exchange Commission. The ICO confirms that it is possible for SEC regulated UK firms to transfer personal data to the U.S. where the transfer is necessary for important reasons of public interest (the derogation in Article…
The recent flurry of Biometric Information Privacy Act (BIPA) activity in California and elsewhere has called into question the effectiveness of an increasingly common defense to BIPA litigation in Illinois: that federal courts in Illinois do not have personal jurisdiction over companies headquartered and incorporated in other states, and conducting…