ICO Issues Opinion on Data Protection and Privacy Expectations for Online Advertising Proposals

On 25 November 2021, the UK Information Commissioner’s Office (“ICO”) published an Opinion on Data Protection and Privacy Expectations for Online Advertising Proposals (“Opinion”). The Opinion emphasizes several data protection concerns relating to behavioural advertising and sets out overarching expectations that companies must meet to safeguard people’s privacy online when…

Read More

Approaching Deadline for Data Controller Registration and Representation Requirements in Turkey

Data controllers processing personal data in Turkey must register with the Turkish Data Controllers Registry, “VERBIS”, to notify the Turkish Data Protection Authority (“DPA”) of their processing activities by 31 December 2021, under penalty of a fine. In addition, data controllers not established in Turkey (“foreign controllers”) will need to…

Read More

EDPB Defines a "Transfer" Under the GDPR

On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation.  The Guidelines clarify one of the most vexing issues in…

Read More

Québec Adopts New Comprehensive Data Protection Law

On September 22, 2021, Bill 64, the Act to Modernize Legislative Provisions respecting the Protection of Personal Information[1] (the “Act”) received royal assent in Québec.  This important and comprehensive new data protection law will usher in significant changes to the protection of personal data in Québec, bringing the privacy regulatory…

Read More

Biometrics Regulations: Navigating US Biometric Laws

The United States is in need of comprehensive federal data privacy legislation, which may finally be gaining traction. In late 2019, two competing federal privacy proposals were drafted. Senate Bill 2968 (the “Consumer Online Privacy Rights Act”), was introduced by Senator Maria Cantwell (D-WA), among others.  And the “United States…

Read More

China Publishes Draft Guidelines on Security Review Requirements for Data Exports

China’s new framework for regulating data transfers is beginning to take shape. On October 29, 2021, China’s cybersecurity regulator, the Cyberspace Administration of China (CAC), published draft guidelines outlining when and how data controllers must undergo a security assessment before transferring data out of China pursuant to the country’s recently-issued…

Read More

SEC Seeks Input on BD and RIA Digital Engagement Practices

Authored by: Nicholas Losurdo and Christopher Grobbel The SEC recently solicited public comment on digital engagement practices (DEPs) used by some broker-dealers and investment advisers, including predictive data analytics, differential marketing, and behavioral prompts (such as gamification).  The public comment window closes October 1, 2021.  Comments letters submitted already are available here—viewpoints run…

Read More

EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…

Read More