On 17 December 2021, the Irish Data Protection Commission (“DPC”) published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (“the Fundamentals”). The Fundamentals set out principles and recommendations for companies to follow when processing children’s data in Ireland. The Fundamentals seek…
On January 6, 2022, the Israeli government released a long anticipated bill amending and updating Israel’s 1981 Privacy Protection Act (PPA) (the Bill). If passed, the Bill would constitute the most comprehensive update of the PPA in more than two decades. Primarily, the Bill greatly enhances the enforcement and investigation…
In a draft opinion published today, the Israeli Privacy Protection Authority (IPPA) relaxed one of the most stringent requirements under Israel’s data protection law, which for years cast doubts over the legality of any onward transfer in case of a data transfer from Israel. The opinion states that onward transfers…
Now that 2021 came to a close, what does our crystal ball predict for privacy developments in 2022? Here’s a quick rundown. Law and policy developments In 2022, expect an avalanche of new laws and regulations, attempting to govern and impose order on a dizzying array of tech developments. New…
In response to the growing threat to financial stability posed by cybersecurity incidents, the Office of the Comptroller of the Currency (OCC), the U.S. Department of the Treasury, the Federal Reserve Board, and the Federal Deposit Insurance Corporation (FDIC) (collectively, the “agencies”) published a rule titled “Computer-Security Incident Notification Requirements…
On 25 November 2021, the UK Information Commissioner’s Office (“ICO”) published an Opinion on Data Protection and Privacy Expectations for Online Advertising Proposals (“Opinion”). The Opinion emphasizes several data protection concerns relating to behavioural advertising and sets out overarching expectations that companies must meet to safeguard people’s privacy online when…
Data controllers processing personal data in Turkey must register with the Turkish Data Controllers Registry, “VERBIS”, to notify the Turkish Data Protection Authority (“DPA”) of their processing activities by 31 December 2021, under penalty of a fine. In addition, data controllers not established in Turkey (“foreign controllers”) will need to…
On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation. The Guidelines clarify one of the most vexing issues in…
On September 22, 2021, Bill 64, the Act to Modernize Legislative Provisions respecting the Protection of Personal Information[1] (the “Act”) received royal assent in Québec. This important and comprehensive new data protection law will usher in significant changes to the protection of personal data in Québec, bringing the privacy regulatory…
View our Breaking Down the FTC’s Updates to the Safeguards Rule Webinar here. Below, find more details about what topics were covered in this webinar by Goodwin partners Boris Segalis and Anthony Alexis, and moderated by Mia Havel, Senior Privacy Counsel at Marsh & McLennan. You may also view materials…