Privacy & Data Security

December 10, 2019

In less than one month, the California Consumer Privacy Act of 2018 (CCPA) will go into effect and begin a new era of data breach litigation. While the California Attorney General is charged with generally enforcing the state’s landmark privacy law, consumers’ ability to rely on a violation of the CCPA as a basis for violations of other state law statutes will be a concern. For background, Section 1798.150(a)(1) of the CCPA gives consumers a…

Data Privacy Monitor

BakerHostetler Comments on Draft CCPA Regulations

By Kyle R. Fath & Taylor A. Bloom

December 9, 2019

The California attorney general (the AG) has concluded the first round of public comments on the proposed regulations that would serve to interpret and implement California’s sweeping new privacy law, the California Consumer Privacy Act (the CCPA). After just under two months since the release of the proposed regulations (the Regs) by the AG and a series of four public hearings across the state in the past week, the final deadline to submit written comments…

Steptoe Cyberblog

Episode 292: Debating FISA 215 after Pensacola

By Stewart Baker

December 9, 2019

The apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, as Congress has increasingly signaled it intends to do. If the Pensacola attack involved multiple parties acting across US borders, still a live possibility as we talked, then it would be just about the first such attacks since 9/11 – and exactly the kind of attack the…

Global Regulatory Enforcement Law Blog

France’s discriminatory Digital Services Tax prompts hefty tariff proposal from the USTR

By Michael J. Lowell, Manasi Venkatesh & Sarah Wronsky

December 9, 2019

On December 2, 2019, the Office of the U.S. Trade Representative (USTR) issued a Section 301 Investigation Report on France’s Digital Services Tax (DST), concluding that France’s DST discriminates against U.S. companies, is inconsistent with prevailing principles of tax policy, and is unusually burdensome for affected U.S. companies. In response, the USTR proposed up to 100 percent tariff on French products. Members of our International Trade Team explain these developments in our recent client alert…

Privacy & Data Security Insight

Business Considerations: California Consumer Privacy Act

By Scot Ganow

December 9, 2019

As we have written in blog posts over the past year, the California Consumer Privacy Act (CCPA) is the most comprehensive state privacy law to date. While there are a number of conditions and exemptions in play, the law goes into effect on Jan. 1, 2020, and will be enforced starting in July 2020. In anticipation of the law’s effective date and requirements, we have provided a checklist to help you assess the applicability of the…

Privacy & Information Security Law Blog

FTC Issues Final Order in Cambridge Analytica Case

By Hunton Andrews Kurth LLP

December 9, 2019

On December 6, 2019, the Federal Trade Commission announced its Final Order and Opinion in the matter of Cambridge Analytica, LLC, finding that Cambridge Analytica violated the FTC Act’s Section 5 prohibition against “unfair or deceptive acts or practices” when harvesting personal information through its “GSRApp” Facebook application.…

Privacy Compliance & Data Security

Next Up: Software Alliance Provides Its Comments on CCPA Regs

By Odia Kagan

December 9, 2019

The Software Alliance filed comments to the California Attorney General on draft regulations to implement the California Consumer Privacy Act (CCPA) intended to avoid upsetting the business-service provider relationship set out in the statute. Proposed revisions: A service provider may use personal information received from a business or consumer to serve another entity when a business or consumer directs it to do so. A service provider may combine information received from one or more businesses,…

Privacy Compliance & Data Security

Reminder: California’s IoT Law Also Takes Affect in January

By Odia Kagan

December 9, 2019

California’s Internet of Things (IoT) law, which goes into effect on January 1, will regulate organizations that manufacture (or contract with another company to manufacture) certain types of connected devices that are sold or offered for sale in California. The law will require IoT device manufacturers to equip each connected device “with a reasonable security feature or features” that are: Appropriate to the nature and function of the device Appropriate to the information the device…

Privacy Compliance & Data Security

Consumer Privacy Advocate Provides Comments on the IAB CCPA Privacy Framework

By Odia Kagan

December 9, 2019

A “sale” by any other name? “We consider, and think the average consumer would consider, that when information is exchanged across devices and platforms, such that an ad follows the consumer from desktop to phone and from site to site, this constitutes a sale of their personal information from one business to another.” Californians for Consumer Privacy has provided this and other comments on the IAB CCPA framework. Click here for the full statement.…

Workplace Privacy, Data Management & Security Report

Maryland Again Amends its Data Breach Notification Law

By Joseph J. Lazzarotti & Maya Atrakchi

December 9, 2019

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017 Maryland amended its Personal Information Protection Act (PIPA) with expansion of the definition of personal information, modification of the definition of “breach of the security of the system”, establishing a 45-day timeframe for notification and expansion of the class of information subject to Maryland’s data destruction laws. Now, Maryland has again…