privacy law

Subscribe to privacy law via RSS

It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions of these SCCs and the implementing Commission Decisions in December 2020. These new SCCs are, arguably, the most significant development in European data protection law since the coming into force of the EU General Data Protection Regulation (“GDPR”) in May 2018, which was three years ago this month.  These new SCCs will replace prior versions of the SCCs, some of which date back to 2001 and pre-date the GDPR. We are closely monitoring developments in this area and will report on the new SCCs as soon as these are published. We expect the impact of these SCCs to be significant on organizations which are directly subject to the GDPR or which receive personal data from organizations that are subject to the GDPR.

COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical

A previous blog post discussed FTC Chairwoman Slaughter’s first priority as the newly designated chairwoman – the COVID-19 pandemic. The FTC’s second priority, racial equity, can be broken down into two sub issues. First, the FTC plans to investigate biased and discriminatory algorithms that target vulnerable communities. As the FTC acknowledges, the analysis of data can help companies and consumers, “as it can guide the development of new products and services, predict the preferences of individuals, help tailor services and opportunities, and guide individualized marketing.”  Nonetheless, the FTC cautions companies to consider the below before making decisions based on the results of big data analysis.

On January 21, 2021, President Biden designated Federal Trade Commission (the “FTC”) Commissioner Rebecca Kelly Slaughter as acting chair of the FTC. Soon thereafter in one of her first speeches in her new role, Chairwoman Slaughter announced two substantive areas of priority for the FTC – the COVID-19 pandemic and racial equity.

On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that an increased risk of identity theft was a concrete injury sufficient to confer Article III standing,

The California Consumer Privacy Act (CCPA) is a major new state law poised to affect the privacy landscape not just in California, but in the U.S. as a whole. (For a detailed overview of the CCPA, read our previous post.) On August 31, the California legislature passed several amendments to the CCPA that will have a significant impact on its implementation.

This has been a big year in the data protection world, with the headline-grabbing General Data Protection Regulation (GDPR) occupying most of the spotlight with its plethora of privacy-related requirements and potential for high fines for violators. While companies (justifiably) may be focused on the GDPR at the moment, it’s also important to keep an eye on new privacy laws on the horizon in order to avoid last-minute scrambles for compliance as effective dates near. Foremost among these new laws is the California Consumer Privacy Act of 2018. The Act was introduced and signed quickly in order to prevent voters from facing a similar ballot initiative in the November election. This post provides an overview of the new law, which will go into effect beginning January 1, 2020.