On Episode 19 of Covington’s Inside Privacy Audiocast, Dan Cooper and and Yan Luo discuss the key provisions of China’s draft SCCs, compare the draft legislation with the GDPR, and talk through actions that companies should be considering in order to comply with the new cross-border data requirements.

This audiocast episode is repurposed from a

After years of negotiations, members of the U.S. Senate and House of Representatives have released bipartisan comprehensive privacy legislation—the American Data Privacy and Protection Act.  Democrats and Republicans have put forward separate proposals in the past that have more in common than different.  The two main points of disagreement that have historically stalled a comprehensive

In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA).  The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations.  A copy of the proposed

In the Queen’s Speech on 10 May 2022, the UK Government set out its legislative programme for the months ahead. This includes: reforms to UK data protection laws (no details yet); confirmation that the government will strengthen cybersecurity obligations for connected products and make it easier for telecoms providers to improve the UK’s digital infrastructure; and new rules to enable the use of self-driving cars on public roads. In addition, the government confirmed its plans to move forward with the Online Safety Bill. As part of the government’s broader agenda to “level up” the UK and provide a post-Brexit economic dividend, many of the legislative initiatives referenced in the Queen’s Speech are presented as seeking to encourage greater use of data and technology to support innovation and enable growth.

We summarize below the key digital policy announcements in the Queen’s Speech and how they fit into wider developments in the UK’s regulatory landscape.

Continue Reading UK Privacy and Digital Policy & Legislative Roundup

Nine million texts are sent daily in Ireland, a huge increase on when the first text was sent in 1992.  All are subject to the data retention and access regime currently in place under the Communications (Retention of Data) Act 2011.  That regime has now been given the kiss of death by the Court of Justice of the European Union (“CJEU”) in its recent decision on a referral by the Irish Supreme Court dealing with the validity of electronic communications evidence collected under it.

The legislation, brought in to transpose EU Directive 2006/24, regulates the retention of data by electronic communications providers and access to that data by state authorities.

Continue Reading CJEU Strikes Down Metadata Collection in Irish Criminal Case

The Irish Data Protection Commission (“DPC”), having last month released its annual report (see our blog post here), has now also issued two additional reports detailing statistics on its handling of cross-border cases (see here) and a recently completed Resource Allocation Audit conducted by independent consultants (see here).  Each is important in its own right for the reputation and development of this regulator, the lead EU supervisory authority for many of the large technology companies.

Continue Reading Irish DPC Reports on Cross-Border Activity and Resources

A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.).  The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings.  The court disagreed, and dismissed these two claims without leave to amend.
Continue Reading Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings

In a new post on the Inside Class Actions blog, our colleagues discuss a recent Western District of New York report and recommendation concluding that any risk of identity theft or other injury was too “speculative” to show standing in the putative data breach class action Tassmer et al v. Professional Business Systems

Consumer Law Developments

Over the past 5 years, the EU has launched several legislative initiatives aimed at revamping EU consumers protection laws.  One such initiative was the “New Deal for Consumers” adopted by the European Commission on April 11, 2018.  The New Deal for Consumers amends existing EU consumer legislation in order to, on the