Data Privacy

Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.
Continue Reading California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations

On 11 November 2020, the European Data Protection Board (“EDPB”) issued two draft recommendations relating to the rules on how organizations may lawfully transfer personal data from the EU to countries outside the EU (“third countries”).  These draft recommendations, which are non-final and open for public consultation until 30 November 2020, follow the EU Court of Justice (“CJEU”) decision in Case C-311/18 (“Schrems II”).  (For a more in-depth summary of the CJEU decision, please see our blog post here and our audiocast here. The EDPB also published on 24 July 2020 FAQs on the Schrems II decision here).

The two recommendations adopted by the EDPB are:


Continue Reading EDPB adopts recommendations on international data transfers following Schrems II decision

Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect.  As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right.  It also establishes a new agency to enforce California privacy law.  The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.

Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act

On our fourth episode of our Inside Privacy Audiocast, we are aiming our looking glass at the California Privacy Rights Act, and are joined by guest speaker Jacob Snow, Technology and Civil Liberties Attorney with the American Civil Liberties Union of Northern California.

In September 2019, Alastair Mactaggart, Board Chair and Founder of Californians for

The California legislature has approved a contingency plan to ensure that certain California Consumer Privacy Act (“CCPA”) exemptions will be extended beyond December 2020.  Regardless of what happens with the November ballot initiative, businesses will have at least another year before they must comply with all of the CCPA’s provisions when collecting or using certain

Two developments in the past week will likely have a significant impact on businesses subject to the California Consumer Privacy Act (“CCPA”): the long-awaited CCPA regulations have been finalized and put into immediate effect with modifications, while at the same time it seems increasingly likely that the exemptions for employees’ and business-to-business contacts’ data will be extended beyond January 2021.
Continue Reading Final CCPA Regulations Take Effect With Modification; Extension of Employee and Business-to-Business Exemptions Advances

 On May 4th, 2020, Californians for Consumer Privacy confirmed that they had submitted hundreds of thousands more signatures than required to qualify for a ballot initiative. It is still yet unknown whether the Attorney General will qualify the ballot for the November 2020 election, let alone whether it would pass. If the initiative passes, it will be noteworthy for a number of reasons.
Continue Reading CCPA 2.0 And Where We Go From Here

In the latest development in the CCPA saga, the California Attorney General has further modified the draft regulations implementing the California Consumer Privacy Act (“CCPA”). His office’s website posted clean and redlined versions of the new regulations (the “March draft regulations”). Below, please find a summary of some of the most notable changes:
Continue Reading California AG Releases Draft CCPA Regulations: Round 3

The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes:

  1. Service Providers. The modified draft restricts a service provider from processing the personal information it receives from a business except