Archives: GDPR

Subscribe to GDPR RSS Feed

EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and … Continue Reading

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available … Continue Reading

EU Regulators Increase Focus on Cookie Practices

In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), … Continue Reading

California Sets Forth Further Legislation Imposing New Obligations on Companies

Over the past few weeks, California Republican lawmakers have introduced a new package of legislation called “Your Data, Your Way,” which would expand and strengthen consumer privacy rights beyond what is required by the new California Consumer Privacy Act (CCPA). The “Your Data, Your Way” package is comprised of bills that would impose new obligations … Continue Reading

Washington State Proposes Sweeping Privacy Legislation

On Jan. 17, 2019, a new privacy law was proposed in the Washington state Senate. If passed, the Washington Privacy Act would impose far-reaching responsibilities on companies to protect the privacy of “personal data.” Lifting many provisions almost entirely from the text of the European Union’s General Data Protection Regulation (GDPR), the legislation would arguably … Continue Reading

Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available

Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European Union (EU) supervisory authorities within 72 hours of becoming aware of the breach if it is likely to result in a … Continue Reading

Advocate General Opinion Supports Limiting the “Right to be Forgotten” to the EU

On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU.  The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issues presented … Continue Reading

Brazil Enacts Measure Creating a Data Supervisory Authority; Delays Implementation of the LGPD

While the inauguration of a polarizing new president dominated the news of Brazil around the beginning of the new year, outgoing President Michel Temer, before leaving office, issued an executive order that has important ramifications for Brazil’s recently enacted General Data Protection Regulation (Lei Geral de Proteção de Dados or LGPD). Provisional Measure No. 869/2018 … Continue Reading

New FTC Provides Insights Into Its Plan for a Balanced Approach to Data Privacy and Security

This year brought unprecedented focus on consumer privacy – the rollout of the European Union General Data Protection Regulation (GDPR), the Cambridge Analytica controversy and Congressional hearings, a GDPR-light law coming out of California, more and bigger security incidents, and multiple proposals for an omnibus federal data protection law. The Federal Trade Commission (FTC or … Continue Reading

New Guidance on GDPR Data Processing Contracts Published by the UK ICO

The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a previously released primer published by the ICO, which set out key points along with helpful checklists. The new guidance discusses (1) when a … Continue Reading

Cookies and Consent Under the EU GDPR

According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining consent under the EU General Data Protection Regulation (GDPR) and allowing its readers to switch off tracking and cookies. Article 6(1) of … Continue Reading

The Weekly Privacy Rewind

Class Actions Pennsylvania Supreme Court Declares Employers Have Affirmative Duty to Protect Employee Personal Information • According to a recent opinion by the Pennsylvania Supreme Court, “an employer has a legal duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored by the employer on an internet-accessible computer system.” • The putative … Continue Reading

GDPR Spurring Legal Reforms in South America With New Legislation in Brazil

As organizations continue to grapple with the requirements of the EU General Data Protection Regulation (GDPR) even months after its effective date, one thing is clear: The impact of the regulation extends far beyond an organization’s European operations. The global effects of the GDPR are even more apparent when one surveys new and proposed data … Continue Reading

The Weekly Privacy Rewind

Canada Canadian Banks Notify 90,000 Following Breach • Bank of Montreal and Canadian Imperial Bank of Commerce announced that they were contacted by hackers and informed that nearly 90,000 customers’ personal information was accessed. • The banks will notify customers of the breach and indicate they believe they have fixed the vulnerabilities that led to … Continue Reading
LexBlog