David Kessler (US)

Firm/Organization: Norton Rose Fulbright

Blogs: Data Protection Report, Financial services: Regulation tomorrow

Latest Articles

Mic Drop: California AG releases long-awaited CCPA Rulemaking

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) & Max Kellogg (US) on October 11, 2019

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use…

Data Protection Report

First Data Access Agreement under the CLOUD Act signed by UK and US

By David Kessler (US) & Susan Ross (US) on October 10, 2019

Financial services: Regulation tomorrow

First Data Access Agreement under the CLOUD Act signed by UK and US

By Susan Ross (US), David Kessler (US), Andrew Reeves (UK) & Lorenza Cocco (UK) on October 10, 2019

On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019. The Agreement seeks to facilitate faster and more direct access by each country’s agencies in criminal matters to electronic information held by companies in the other jurisdiction (and in particular data held by technology companies on…

Data Protection Report

New York’s Breach Law Amendments and New Security Requirements

By David Kessler (US) & Susan Ross (US) on October 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. S.B. 5575). Anyone with personal information about a New York resident is potentially affected by these far-reaching amendments. Breach Law Changes Readers may recall that New York’s security breach notification law (N.Y. Gen. Bus. Law…

Data Protection Report

CCPA: “Wait and see” is not the right approach

By Chris Cwalina (US), David Kessler (US), Steve Roosa (US), Jeewon Kim Serrato (US) & Susan Ross (US) on August 29, 2019

We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links below). Others point to the California Attorney General regulations that will be released in draft form in the next few…

Data Protection Report

US CLOUD Act and International Privacy

By Marcus Evans (UK), David Kessler (US), Jim Lennon (AU) & Susan Ross (US) on August 1, 2019

The U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European Data Protection Board and European Data Protection Supervisor. The current lack of any executive agreements between the U.S. and another…

Data Protection Report

Back At The Negotiating Table: CCPA Amendments Debate Continues

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US) & Anna Rudawski (US) on July 16, 2019

In a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”). Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill to remove the toll-free number requirement.…

Data Protection Report

CCPA: “Attorney General Amendment” Likely Dead

By David Kessler (US), Spencer Persson (US), Steve Roosa (US), Jeewon Kim Serrato (US) & Susan Ross (US) on May 17, 2019

This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the California Consumer Privacy Act (“CCPA”). The bill is being held in committee and under submission, which means the…

Data Protection Report

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

By David Kessler (US), Christoph Ritzer (DE), Sven Jacobs (DE), Anna Rudawski (US) & Max Kellogg (US) on February 19, 2019

On January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”). See our previous blog posts on the GDPR here and here. The opinion also addresses GDPR requirements regarding (1) the legal basis for processing personal data in the course of a clinical trial protocol (primary use) and (2) the further use of clinical trial data…

Data Protection Report

Companies’ right to privacy

By David Kessler (US) & Susan Ross (US) on February 13, 2019

On January 3, 2019, the federal trial court in Manhattan issued a preliminary injunction, temporarily halting a new local law aimed at required disclosures by home-sharing platforms, such as Airbnb and HomeAway, to the city. The court granted the preliminary injunction on the basis that the city’s broad requirement that the services turn over detailed customer information on a monthly basis likely violated the Fourth Amendment to the U.S. Constitution—infringing the privacy rights of the…

David Kessler (US)

Mic Drop: California AG releases long-awaited CCPA Rulemaking

First Data Access Agreement under the CLOUD Act signed by UK and US

First Data Access Agreement under the CLOUD Act signed by UK and US

New York’s Breach Law Amendments and New Security Requirements

CCPA: “Wait and see” is not the right approach

US CLOUD Act and International Privacy

Back At The Negotiating Table: CCPA Amendments Debate Continues

CCPA: “Attorney General Amendment” Likely Dead

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

Companies’ right to privacy

Company

Support

New to the Network