The deadline is quickly approaching for businesses to post their consumer request metrics under the California Consumer Privacy Act (CCPA) Regulations.
Continue Reading CCPA Consumer Request Metrics Reporting Due July 1, 2021
Privacy Policies
2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington
Several states have proposed new privacy bills since their sessions began. Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first–in-time omnibus privacy bills. In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged about here), the NYPA, the general privacy provisions of the Washington Privacy Act, and the newly introduced Washington People’s Privacy Act (HB 1433).
Continue Reading 2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington
The Gift of an Updated Privacy Policy
As the year comes to a close, a reminder that the California Consumer Privacy Act requires companies to update their privacy policies annually. Consequently, as you get ready to spread the holiday cheer, make sure your privacy policy gets some attention as well.
Continue Reading The Gift of an Updated Privacy Policy
Belgian Supervisory Authority’s GDPR Track Record So Far
On May 25, 2020, the second anniversary of the GDPR, the Belgian Supervisory Authority (“SA”) released an overview of its first full year of activity (available in French here, and in Dutch here). To be clear, this was not a delay in reporting, but rather shows that the Belgian legislature was late in creating its oversight and enforcement authority for data protection.
According to the activity overview, the SA has received over 900 security breach notifications and around 350 complaints. It has performed over 100 inspections and imposed 59 sanctions, 9 of which resulted in fines for a total of €189,000. In fact, the SA has imposed the bulk of these fine amounts only in the last two months.Continue Reading Belgian Supervisory Authority’s GDPR Track Record So Far
House Energy and Commerce Committee Circulates Draft Privacy Bill Expanding FTC Authority
On December 18, 2019, staffers on the House Energy and Commerce Committee circulated a draft of a bipartisan privacy bill. The draft is currently unnamed and unfinished, but it lays out a comprehensive framework that expands both individuals’ rights to their data and the FTC’s enforcement role over digital privacy. Rep. Cathy McMorris-Rodgers (R-Wash.) and Rep. Jan Schakowsky (D-Ill.) have been particularly involved in working on the bill.
“We welcome input from all interested stakeholders and look forward to working with them going forward,” an Energy and Commerce spokesperson told The Hill. “This draft seeks to protect consumers while also giving data collectors clear rules of the road. It reflects many months of hard work and close collaboration between Democratic and Republican Committee staff.”
The draft bill echoes many of the provisions in the Consumer Online Privacy Rights Act (COPRA) introduced last month by Democratic senators. However, unlike COPRA, the bill is silent on two notable issues: whether individuals have a private right of action to assert violations and whether the bill would preempt state laws.
Continue Reading House Energy and Commerce Committee Circulates Draft Privacy Bill Expanding FTC Authority
New Calculation Model for Data Protection Fines in Germany
On October 16, 2019, the body of German Supervisory Authorities known as the Datenschutzkonferenz (“DSK”) released a document proposing a model for calculating fines under the GDPR. The DSK indicated that this model is subject to change and will be superseded by any method put forward in guidance issued by…
Continue Reading New Calculation Model for Data Protection Fines in Germany
ICO Updates Guidance on Cookies and Similar Technologies
Back in 2013, we published a blog post entitled, “European Regulators and the Eternal Cookie Debate” about what constitutes “consent” for purposes of complying with the EU’s cookie rules. The debate continues… Yesterday, the ICO published new guidance on the use of cookies and a related “myth-busting” blog…
Continue Reading ICO Updates Guidance on Cookies and Similar Technologies
German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services
On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR.
Continue Reading German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services
Polish Supervisory Authority issues GDPR fine for data scraping without informing individuals
On March 26, 2019, the Polish Supervisory Authority (“SA”) issued a fine of around €220,000 against a company that processed contact data obtained from publicly available sources without informing the individuals concerned (decision in Polish here and English summary here). Article 14 of the GDPR requires data controllers, who…
Continue Reading Polish Supervisory Authority issues GDPR fine for data scraping without informing individuals
EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR
On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU). The case centers on the use of consent for the processing of personal data and consent for the use of cookies.
Planet49 GmbH offered…
Continue Reading EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR