Despite intensive lobbying from industry groups, multiple amendments before its effective date, and extensive proposed regulations from the California attorney general, the California Consumer Privacy Act (CCPA) went into effect earlier this month with still many questions left unanswered: What compromises will be made regarding employee and business-to-business data? Will there be further insight into loyalty programs? Does the use of third-party cookies constitute a sale? What is the extent of the health care and …

With the Artificial Intelligence Video Interview Act (effective January 1, 2020), or “AI Video Act,” Illinois has passed a groundbreaking new law regulating the use of artificial intelligence (“AI”) in video recruitment practices. Background Employers increasingly seek tech-enabled tools to facilitate the hiring, evaluation, retention and development of their workforces. However, as the implementation of new technology grows, old problems, like bias and disparate impact, may surface in new ways. While the White House has …

On 13 November 2019, the European Data Protection Board (EDPB) adopted the guidelines on Data Protection by Design and Default (DPbDD) for public consultation (link here) until 16 January 2020, providing an in-depth analysis of the components that make up DPbDD under GDPR article 25. We highlight below some of the key definitions. Background DPbDD refers to the effective implementation of data protection principles and data subjects’ rights and freedoms by Design and…

Background On October 23, 2019, the European Commission (EC) released its report on a third annual review of the EU-U.S. Privacy Shield. While the report confirms that the U.S. continues to provide an adequate level of protection for personal data transfers in the context of the Privacy Shield, there are some gaps between the expectations of the EC and U.S. authorities, particularly in relation to the lack of transparency concerning U.S. enforcement activities and a…

This week the EU’s independent data protection authority (DPA), the European Data Protection Supervisor (EDPS), published a preliminary opinion on data protection and scientific research subject to the General Data Protection Regulation 679/2016 (GDPR) and Regulation 1725/2018 governing data protection in EU institutions (Preliminary Opinion). Regulation 1725/2018 is very similar to the GDPR’s provisions in this area, and the EDPS states that the Preliminary Opinion may be regarded as relevant to data processing under both…

As we look toward a new year and a new decade, advertisers will need to be a step ahead of the market, in order to keep up with changing trends, a world impacted by an increased sensitivity to privacy and the use of data, and consumers who have grown savvy to influencer marketing and product placement. This article published on Law360 by Jason Gordon and Casey Perrino notes some of the cutting-edge trends to watch…

2019 signalled significant growth in both regulatory focus and litigation involving biometric privacy. The passage of the California Consumer Privacy Act (CCPA), the addition of biometrics to numerous state data breach notification laws (including New York), and continued class action lawsuits emanating from Illinois’ Biometric Information Privacy Act (BIPA) made biometrics a trend line in 2019 that shows no signs of slowing down in 2020. State legislatures will continue to take note of BIPA’s…