Tag: GDPR

February 28, 2024

This month the EDPB shed light on the question of lead supervisory authorities. The issue arose in response to a question late last month from the French supervisory authority. Some background. As most international organizations are aware, GDPR provides for […]

December 22, 2023

The General Data Protection Regulation (GDPR) has brought significant changes to how companies handle personal data—and cookies are easily one of the largest sources of personal information for businesses. Find out all about the essentials of the GDPR and cookies, […]

October 10, 2023

The UK government has published the Data Protection (Adequacy) (United States of America) Regulations 2023 (SI 2023/1028) (the UK-US Data Bridge Regulations) which adopted an adequacy decision for the US (the UK-US Data Bridge) and will come into force on […]

September 28, 2023

In this day and age, data privacy is a hot topic. Many Americans believe their personal data is less secure now than ever and that data collection poses more risks than benefits.[1] For this reason, among others, businesses must consider […]

September 7, 2023

Under the European GDPR, if the personal information that an organization is going to use as part of training an AI has been collected directly from individuals, then those individuals should be provided with a copy of the organization’s privacy […]

July 24, 2023

The European Commission published a very significant adequacy decision last week, which is expected to facilitate transfers of personal information from Europe to the United States. The decision came as part of the Commission’s official recognition of a revised arrangement […]

June 27, 2023

Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors […]

May 26, 2023

International data protection law has taken a lead from the lessons learned in Europe since the introduction of GDPR. What influence have they had in APAC? It has been five years since the enactment of the European Union’s General Data […]

September 22, 2022

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer […]

June 8, 2022

On Friday, June 3, 2022, the Senate and House released a draft of the American Data Privacy and Protection Act, (ADPPA), a watershed privacy bill that would introduce a federal standard. Currently, a hodgepodge of industry-specific and state laws make […]

June 6, 2022

The emergence of data protection laws has given greater meaning to how customers and businesses view consent in the context of collecting personal data from consumers. In recent years, regulations such as the General Data Protection Regulation (GDPR) and California […]

April 28, 2022

Ransomware attacks are when a type of malware attempts to unlawfully encrypt files on a host computer system rendering them inaccessible and unusable (ICO). Victims of ransomware attacks are asked to pay, often in cryptocurrency, to have the data returned […]

April 21, 2022

This time last year, the European Union took a decisive first step in the direction of regulating lawful, safe and trustworthy artificial intelligence technologies by publishing the so-called AI Act—officially known as the “Proposal for a Regulation laying down harmonized […]

April 21, 2022

Automated and algorithmic decision-making tools have become run-of-the-mill in everything from loan and apartment applications to employment searches and university acceptances. Such tools provide increased efficiency, accuracy, and customer satisfaction for, among many others, banks and financial institutions. These innovations […]

February 8, 2022

Consent plays a role in almost all modern privacy statutes. In some privacy statutes, like the GDPR, it can function as one of many lawful purposes to process data. In other privacy statutes, like the VCDPA and the CPA, it […]

February 3, 2022

In late December, the Austrian Data Protection Authority (“DPA”) ruled that a local Austrian website’s use of Google Analytics—specifically, the sharing of personal data with the U.S.-based provider—violated the privacy protections set forth in the General Data Protection Regulation (“GDPR”) […]

January 24, 2022

The Austrian data protection authority (the “Austrian DPA”) recently published a decision in a case brought against an Austrian website provider and Google by the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business (“NOYB”). The Austrian […]

January 21, 2022

When an employee leaves, it is often a first step for the business that his personal access to their professional mailbox is cancelled as soon as possible (often even during the exit meeting). But most often that mailbox will remain […]

April 7, 2021

Virginia has joined California as the second state to enact a comprehensive data privacy law. On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. The VCDPA does not go into effect […]

February 16, 2021

Any day now, Virginia will likely become the second state, behind California, to adopt a GDPR-inspired comprehensive data protection law for Virginia residents. What are the main points covered by Virginia’s Consumer Data Protection Act (“CDPA”)? Like Europe’s GDPR and […]