Florida may be next state to join the growing number of states with a consumer privacy law, as both chambers of Florida’s legislature are currently considering comprehensive state privacy legislation. Both HB 969 and SB 1734 resemble the California Consumer Privacy Act (“CCPA”), though they contain some notable differences. Florida Governor Ron DeSantis expressed support … Continue Reading
The five members of the California Privacy Protection Agency (“CPPA”) were announced today. The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).… Continue Reading
As the push for Congress to pass comprehensive consumer privacy legislation increases, Rep. Suzan DelBene (D-WA) has re-introduced the Information Transparency & Personal Data Control Act, a compromise proposal that contains provisions sought by both parties. This bill would create national data privacy standards and increase the enforcement authority of the Federal Trade Commission (FTC) … Continue Reading
On February 18, 2021, the District Court of Berlin overturned a €14.5 million fine that had been imposed on German real estate company Deutsche Wohnen SE. The Court held that the fine – which was issued by the Berlin Supervisory Authority (“SA”) and had been the second highest fine in Germany so far under the … Continue Reading
On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope). As we have previously explained, the VCDPA follows the framework established by the Washington Privacy … Continue Reading
On February 19, 2021, the European Commission published two draft decisions finding that UK law provides an adequate level of protection for personal data. The first would allow private companies in the EU to continue to transfer personal data to the UK without the need for any additional safeguards (e.g., the Commission’s standard contractual clauses), … Continue Reading
In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French). Stakeholders who responded to the consultation included companies, … Continue Reading
Several states have proposed new privacy bills since their sessions began. Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first-in-time omnibus privacy bills. In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged about here), the NYPA, the general privacy provisions of the Washington Privacy Act, and … Continue Reading
Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (“GDPR”) – in particular, claims for non-material damages – have been relatively low. This restrained approach thus far has been predicated primarily on the position that German law requires a serious violation of personality rights to justify … Continue Reading
The EU’s ePrivacy Regulation, like the EU GDPR, has been highly anticipated since it was first proposed in 2017. What are the current developments and next steps in the process to enactment? What are some of the complicating factors of the proposed Regulation? Are there major differences between the initial proposal and where the text … Continue Reading
On February 3, 2021, the Conference of the Supervisory Authorities (“SAs”) of Germany (known as the Datenschutzkonferenz or “DSK”) published minutes from its meetings held in November 2020 (available here, in German). The minutes include discussions about how the German SAs plan to enforce the recent Schrems II ruling of the Court of Justice of … Continue Reading
On February 14, 2021, the Abu Dhabi Global Market (“ADGM”), one of two significant financial services free zones in the United Arab Emirates, enacted its new Data Protection Regulations 2021 (the “Regulations”). The Regulations will come into force and replace the current Data Protection Regulations 2015 following a transition period of 12 months for current … Continue Reading
On February 11, 2021, the European Commission launched a public consultation on its initiative to fight child sexual abuse online (the “Initiative”), which aims to impose obligations on online service providers to detect child sexual abuse online and to report it to public authorities. The consultation is part of the data collection activities announced in … Continue Reading
The Virginia Consumer Data Protection Act (HB 2307 / SB 1392), introduced in the House of Delegates on January 20, passed both houses of Virginia’s state legislature on February 5 with large bipartisan majorities. This comprehensive privacy bill, which would take effect on January 1, 2023, follows a similar framework as the current version of … Continue Reading
On January 18, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 01/2021 on Examples regarding Data Breach Notification (“Guidelines”) (available here). The Guidelines aim to assist data controllers in responding to and assessing the risk of personal data breaches, providing “practice-oriented, case-based guidance” which draws from the experiences of European supervisory authorities … Continue Reading
On this special tenth episode of our Inside Privacy Audiocast, we celebrate Data Privacy Day 2021. Join Dan Cooper and Kurt Wimmer as they discuss the key global data privacy developments in 2020 and trends to look out for in 2021. Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe … Continue Reading
On January 12, 2021, the German Ministry for the Economy and Energy released a new draft Law on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (“TTDSG” or “draft law”). If enacted, the draft law will replace the existing data protection and privacy provisions of Germany’s Telemedia Act and Telecommunications Act (“Telemedia … Continue Reading
On January 13, 2021, the Advocate General (“AG”), Michal Bobek, of the Court of Justice of the European Union (“CJEU”) issued his Opinion in Case C-645/19 Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v. the Belgian Data Protection Authority (“Belgian DPA”). The AG determined that the one-stop shop mechanism under the EU’s General Data … Continue Reading
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.” Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to … Continue Reading
On January 5, 2021, the Council of the European Union released a new, draft version of the ePrivacy Regulation, which is meant to replace the ePrivacy Directive. The European Commission approved a first draft of the ePrivacy Regulation in January 2017. The draft regulation has since then been under discussion in the Council. On January … Continue Reading
On December 15, 2020, the Irish Data Protection Commission (“DPC”) fined Twitter International Company (“TIC”) EUR 450,000 (USD 500,000) following a narrow investigation into TIC’s compliance with obligations to (a) notify a personal data breach within 72 hours under Article 33(1) GDPR; and (b) document the facts of the breach under Article 33(5) GDPR. The … Continue Reading
As the year comes to a close, a reminder that the California Consumer Privacy Act requires companies to update their privacy policies annually. Consequently, as you get ready to spread the holiday cheer, make sure your privacy policy gets some attention as well.… Continue Reading
In a new post of the Covington Digital Health blog, our colleagues discuss the proposed rule issued by the Office for Civil Rights of the U.S. Department of Health and Human Services to modify the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for … Continue Reading
Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.… Continue Reading
