
Courtney M. Bowman
Subscribe to all posts by Courtney M. Bowman
The California Consumer Privacy Act (CCPA) is a major new state law poised to affect the privacy landscape not just in California, but in the U.S. as a whole. (For a detailed overview of the CCPA, read our previous post.) On August 31, the California legislature passed several amendments to the CCPA that will have a … Continue Reading
This has been a big year in the data protection world, with the headline-grabbing General Data Protection Regulation (GDPR) occupying most of the spotlight with its plethora of privacy-related requirements and potential for high fines for violators. While companies (justifiably) may be focused on the GDPR at the moment, it’s also important to keep an … Continue Reading
In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs, as well as potential enforcement actions for those that … Continue Reading
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies are on the lookout for any interpretive guidance from EU or member state authorities that will help them focus their compliance efforts. … Continue Reading
China’s new Cybersecurity Law is one of the most important pieces of privacy and cybersecurity legislation we’ll see this year, and companies of all sizes need to be aware of its requirements – regardless of whether or not they have a physical presence in China. The new law goes into effect on June 1, 2017, … Continue Reading
In 2017, there are few words that make companies – and their counsel – shudder more than “data breach.” Recent high-profile breaches and the resulting litigation have shown that breaches can be embarrassing, harmful to a company’s brand, and extremely expensive to handle – both in terms of response costs and, potentially, damages paid to … Continue Reading
Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Bloomberg about Saudi Arabia’s draft cloud computing regulations. The article analyzes the draft regulations and their potential impact on cloud service providers seeking to … Continue Reading
At the end of last year, Qatar became the first Gulf state to enact a comprehensive privacy law. Until now, the many companies that market to consumers or have employees based in Gulf Cooperation Council (GCC) countries have had to determine their local practices based on the various countries’ patchwork of sector-specific laws and regulations, … Continue Reading
On Friday, the Article 29 Working Party issued official guidance relating to the General Data Protection Regulation, or GDPR (which we’ve covered in previous posts here and here). The Article 29 Working Party is comprised of representatives of the various EU Member States’ data protection authorities (DPAs), so this marks the first time that the … Continue Reading
Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Corporate Counsel about privacy laws in Saudi Arabia. The article provides valuable insight into the Kingdom’s privacy regime and focuses specifically on the central … Continue Reading
On October 19, the Court of Justice of the European Union (CJEU) ruled that dynamic IP addresses may qualify as “personal data” under EU privacy law. As we covered here on the blog a few months ago, this decision is significant because it clarifies that companies that collect, store, process, and/or transfer dynamic IP addresses … Continue Reading
The Privacy Shield is now live, having gone into effect on August 1. Perhaps emboldened by the Article 29 Working Party’s late July announcement that European regulators will not challenge the program’s adequacy for at least a year (after the first annual review of the program in May 2017), companies have begun self-certifying in order … Continue Reading
Yesterday, the European Commission adopted the EU-US Privacy Shield, a framework designed to replace the invalidated Safe Harbor program. In theory, the Privacy Shield offers its adherents a relatively simple, straightforward way to legally transfer personal data from the EU to the US. In reality, however, the Privacy Shield is likely to face legal challenges … Continue Reading
As a result of Thursday’s historic referendum, the United Kingdom will be leaving the EU. The decision will have a profound effect on many areas, including the global economy, trade, immigration and, potentially, the continued unity of the UK. The United Kingdom won’t be departing immediately, though – it must invoke Article 50 of the … Continue Reading
Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal data” under EU law. If the CJEU adopts this reasoning, it would represent a landmark decision that would resolve a contentious … Continue Reading
On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This ruling … Continue Reading
On Wednesday, the EU’s Article 29 Working Party issued its much-anticipated statement on the viability of the proposed EU-US Privacy Shield. As we’ve detailed previously, EU and US officials reached agreement on the Privacy Shield arrangement, which was meant to serve as a replacement for the invalidated Safe Harbor program, back in February, and released … Continue Reading
After a decade of winding its way through the legislative process, Turkey’s new Data Protection Law entered into force on April 7. Although Turkey previously had a few sectoral data protection laws on the books, this is the first time the country has had an omnibus data protection law. Although details remain somewhat scant at … Continue Reading
Yesterday, the European Commission announced that EU and US officials had reached an agreement to implement a program known as the EU-US Privacy Shield. Privacy Shield is designed to be the successor to the Safe Harbor program, which the European Court of Justice (CJEU) invalidated last October. The announcement brings some relief to the many … Continue Reading
Companies anxiously watching their calendars to see if a new Safe Harbor program will be introduced before the end of January may get their wish: yesterday, a European Commission official announced that the Commission will inform the European Parliament of the outcome of negotiations for a new Safe Harbor program by Monday, February 1. This … Continue Reading
Now that it’s been approved by the EU Parliament’s Civil Liberties Committee, Europe’s General Data Protection Regulation (the “GDPR” or the “Regulation”) is well on its way to replacing the 20-year-old Data Protection Directive (the “Directive”) as the EU’s omnibus data protection law. Although it won’t officially become law until it receives the approval of … Continue Reading
Following yesterday’s announcement that European officials had agreed on the language of the EU’s new General Data Protection Regulation (“GDPR” or “Regulation”), today the EU Parliament’s Civil Liberties Committee approved the text of the GDPR. The GDPR isn’t law yet, as it still needs to be approved by the EU Parliament next month. However, the … Continue Reading
Poland’s data protection authority, the Generalny Inspektor Ochrony Danych Osobowych (GIODO), recently issued its opinion on the continued validity of personal data transfers to the US. The opinion comes at a time when nearly every means of legitimizing data transfers from the EU to the US has come under fire: on October 6, the European … Continue Reading
Today, the European Court of Justice (CJEU) invalidated the US-EU Safe Harbor framework, effective immediately. This momentous decision jeopardizes the continued flow of data from Europe to the US. As the Safe Harbor framework has been in place for 15 years and counts more than 4500 companies among its participants, today’s ruling is poised to … Continue Reading
California Legislature Passes Amendments to the California Consumer Privacy Act
By Courtney M. Bowman and Kristen J. Mathews on Posted in California, Data Privacy Laws, Privacy Law
The California Consumer Privacy Act of 2018
By Courtney M. Bowman and Kristen J. Mathews on Posted in California, Data Privacy Laws, Privacy Law
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements
By Courtney M. Bowman on Posted in Cybersecurity, Data Breaches, Privacy Law, Security Breach Notification Laws
GDPR Compliance Update: Which Government Authorities Have Issued Official GDPR Guidance?
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International, Privacy Law
A Primer on China’s New Cybersecurity Law: Privacy, Cross-Border Transfer Requirements, and Data Localization
By Courtney M. Bowman, Lijuan Hou and Ying Li on Posted in Cybersecurity, Data Privacy Laws, International, Privacy Law
Part 1: Data Breach 101 – Data Breach Notification Laws
By Courtney M. Bowman on Posted in Commercial Litigation, Data Breaches
Kingdom in the Cloud: Saudi Arabia’s Draft Cloud Computing Regulations
By Courtney M. Bowman on Posted in Cloud Computing, International
Qatar’s New Personal Data Privacy Law
By Courtney M. Bowman on Posted in Data Privacy Laws, International, Privacy Law
European DPAs Issue First GDPR Guidance
By Courtney M. Bowman on Posted in European Union, International, Privacy Law
Privacy Law in Saudi Arabia: A Primer for Businesses
By Courtney M. Bowman on Posted in Data Privacy Laws, International
EU Court Rules that Dynamic IP Addresses are Personal Data…Sometimes
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
German DPA Plans to Challenge Privacy Shield
By Courtney M. Bowman on Posted in European Union
Privacy Shield Adopted, But Uncertainty Remains
By Courtney M. Bowman on Posted in European Union, International
Brexit: Potential Implications for Privacy
By Courtney M. Bowman on Posted in European Union, International
Are Dynamic IP Addresses Personal Data? A Primer
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International, Online Privacy
The Supreme Court’s Spokeo Decision and its Potential Impact on Privacy and Data Security Class Actions
By Courtney M. Bowman on Posted in Commercial Litigation, Privacy Litigation
Article 29 Working Party has “Strong Concerns” About Privacy Shield
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
An Overview of Turkey’s New Data Protection Law
By Courtney M. Bowman on Posted in Data Privacy Laws, International
Safe Harbor 2.0 Agreement Reached; New Program to be Named “Privacy Shield”
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
New Safe Harbor Deal Possible by February 1
By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
A Primer on the GDPR: What You Need to Know
By Courtney M. Bowman on Posted in European Union, International
GDPR Text Approved
By Courtney M. Bowman on Posted in European Union, International
Polish DPA Speaks Out on Data Transfers to the U.S.
By Courtney M. Bowman on Posted in European Union, International
US-EU Safe Harbor Invalidated: What Now?
By Courtney M. Bowman on Posted in European Union, International