Privacy Compliance & Data Security

The Latest Developments in Global Data Privacy Law, and Data Breach Prevention and Response

Latest from Privacy Compliance & Data Security

No Time (For Cross Border Transfers) to Die?

September 24, 2021

A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They include: Exploring changes when authorizing and overseeing surveillance programs to better protect data privacy or otherwise address EU concerns; Strengthening the Privacy and Civil Liberties Oversight Board (PCLOB) by urging the Administration to fill the open positions and considering whether to amend the…

Privacy Compliance & Data Security

Already Recognized as “Adequate,” Uruguay Issues Updated Guidance on Cross Border Data Transfers

By Odia Kagan

September 21, 2021

The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements in the wake of SchremsII: All contracts need to include: purpose of processing applicable data protection law definitions content of the transfer (as accurately and completely as possible) onward transfers (and what are the conditions to enable them) transparency…

Privacy Compliance & Data Security

Where Does GDPR Stand and Where Is It Headed?

By Odia Kagan

September 17, 2021

Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium. Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés (CNIL), Spain’s Agencia Española de Protección de Datos (AEPD), Denmark’s Datatilsynet and other DPAs who have been hard at work enforcing and issuing fines. Is this enough enforcement? Not if you ask noyb.eu, which is taking the…

Privacy Compliance & Data Security

Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide

By Odia Kagan

September 13, 2021

The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach. The office also referred to the Future of Privacy Forum research on potential harms. Read more here: …

Privacy Compliance & Data Security

Key Takeaways: The KVKK Fine Against WhatsApp

By Odia Kagan

September 9, 2021

Key practice takeaways from the Kişisel Verileri Koruma Kurumu (KVKK) Turkey EUR 195,000 fine against WhatsApp (which echoes the Data Protection Commission Ireland decision in many respects): Consent as a legal basis can only be used when it is obtained for a specific data processing. Agreement to terms, which include transfers to third parties and cross border transfers, cannot constitute valid consent. Including transfers, especially ones that are not reasonably expected by users, as part…

Privacy Compliance & Data Security

The (Internet) Cookies Continue to Crumble

By Odia Kagan

September 7, 2021

The UK’s Information Commissioner’s Office (ICO) is taking on cookie banners. The office will call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups in favor of software and device privacy settings. “Joined by the Organisation for Economic Co-operation and Development (OECD) and the World Economic Forum (WEF), each G7 authority will present a specific technology or innovation issue they believe closer cooperation is needed,” reads an ICO news release…

Privacy Compliance & Data Security

Holiday Weekends Offer No Time Off From Cyber Threats

By Fox Rothschild LLP

September 3, 2021

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory aimed at reminding businesses to be on guard over the Labor Day and other holiday weekends against cyberattacks. History has shown threat actors often ramp up ransomware and other attacks over holidays when businesses let down their guard. Nate Williams of the firm’s Privacy & Data Security Practice and Data Breach Prevention & Response Team summarizes the guidance in …

Privacy Compliance & Data Security

Ireland’s Data Protection Commission Fined Whatsapp $267 Million: What You Need to Know

By Odia Kagan

September 2, 2021

Ireland’s Data Protection Commission has imposed a fine of €225 million (more than $267 million) on WhatsApp, a popular messaging app owned by Facebook. Here are some key takeaways for companies subject to GDPR: Drafting privacy notice disclosures When providing disclosures in your privacy notice, make them easy to understand. It is important to keep the relevant disclosures in one place. Don’t make users click through many documents to collate information that is sometimes repetitive.…

Privacy Compliance & Data Security

Illinois’ Protecting Household Privacy Act Was Signed Into Law. Now What?

By Odia Kagan

September 1, 2021

On August 27, 2021, Illinois Governor JB Pritzker signed the Protecting Household Privacy Act into law. It goes into effect Jan. 1, 2022. House Bill 2553 prohibits Illinois law enforcement agencies from obtaining household electronic data or direct the acquisition of household electronic data from a private third party. This includes any information or input provided by a person to any device primarily intended for use within a household that is capable of facilitating any…

Privacy Compliance & Data Security

UK Provides Helpful Documents Regarding DCMS’ International Transfers Initiative

By Odia Kagan

August 30, 2021

Here is one more note on the UK Department for Digital, Culture, Media and Sport’s (DCMS) new international transfers initiative: The documents contain a template and a detailed questionnaire for assessing the adequacy of the destination third country in connection with data protection. These are organized, thorough and very user-friendly documents that should even prove useful to us in conducting Schrems II TIAs. They also are easier to use than either the European Data Protection…

Privacy Compliance & Data Security

The Latest Developments in Global Data Privacy Law, and Data Breach Prevention and Response

Blog Authors

No Time (For Cross Border Transfers) to Die?

Already Recognized as “Adequate,” Uruguay Issues Updated Guidance on Cross Border Data Transfers

Where Does GDPR Stand and Where Is It Headed?

Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide

Key Takeaways: The KVKK Fine Against WhatsApp

The (Internet) Cookies Continue to Crumble

Holiday Weekends Offer No Time Off From Cyber Threats

Ireland’s Data Protection Commission Fined Whatsapp $267 Million: What You Need to Know

Illinois’ Protecting Household Privacy Act Was Signed Into Law. Now What?

UK Provides Helpful Documents Regarding DCMS’ International Transfers Initiative

Stay Connected

Company

Products

Support

New to the Network