This year, Data Privacy Day, January 28, fell on a Sunday, allowing us extra time to contemplate – between NFL championship games – the top ten things to keep your eyes on in US privacy in 2024. The coming year will continue to feature a dizzying pace of developments, including…
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the “Data Security Law”) went into effect. The Data Security Law and the Personal Information…
On 17 December 2021, the Irish Data Protection Commission (“DPC”) published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (“the Fundamentals”). The Fundamentals set out principles and recommendations for companies to follow when processing children’s data in Ireland. The Fundamentals seek…
On January 6, 2022, the Israeli government released a long anticipated bill amending and updating Israel’s 1981 Privacy Protection Act (PPA) (the Bill). If passed, the Bill would constitute the most comprehensive update of the PPA in more than two decades. Primarily, the Bill greatly enhances the enforcement and investigation…
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions….
The UK Information Commissioner’s Office (“ICO”) has published a letter sent to the U.S. Securities and Exchange Commission. The ICO confirms that it is possible for SEC regulated UK firms to transfer personal data to the U.S. where the transfer is necessary for important reasons of public interest (the derogation in Article…