New Competition Regulations Aimed at Big Tech

Big DataOn June 11, 2021, the US House introduced five antitrust bills aimed at Big Tech. At the same time, across the Atlantic, a meeting in Cornwall, England, of the Group of Seven world leaders ended with a joint communique calling for cooperation on a number of digital matters.

Continue Reading

SPB speaks at Cyber Security & Data Privacy ConfEx

Squire Patton Boggs is pleased to announce senior associate, Kristin Bryan will host a presentation during the Cyber Security & Data Privacy ConfEx. This case study presentation, titled, “What Do the Next Four Years Hold for Cyber Security & Data Privacy in the USA Region?” will take place June 16, 2:20-3:00pm PDT. Topics will include, how organizations are seizing opportunities presented by their digitization journey, addressing unique cybersecurity and trust challenges in the U.S., maintaining control of your data, and building a competitive advantage, as well as understanding how your data is managed.

For more information about this conference or to register, please visit the Cyber Security & Data Privacy ConfEx website.


New Standard Contractual Clauses for the Transfer of Personal Data Outside the EEA – Adopted On the Eve of Publication

The much-awaited new Standard Contractual Clauses (“SCCs”) have been adopted by the European Commission on June 4, 2021 and should be published in the next few weeks.

The nPadlock and EU flagew SCCs will go into effect twenty (20) days following publication in the Official Journal of the European Union (“EU”) and the old SCCs will be repealed three months after that date (“Date of Repeal”).

Continue Reading

Informational Privacy as a Branding & Asset Management Opportunity

Informational privacy is a hot topic. Just recently new privacy laws in California and Virginia have brought Europe-inspired requirements on how companies process personal information to the US.

Data is a valuable, but challenging asset.

Organizations can only meaningfully protect, and effectively make the most of, their digital assets if they know what data they have, the usage limitations that apply to it and where it resides and who has access to it. Data management is a huge challenge for organizations in the modern hyper-connected tech-enabled world; yet challenges can be turned into opportunities by organizations willing and able to step-up to them.

Data management is not just about legal compliance.  In many ways, it comes down to branding. Continue Reading

China Issues Draft Interim Measures on Personal Information Protection of Mobile Internet Applications

China continues to be a hotbed of activity in the areas of privacy and cybersecurity legislation.  For background on the draft Personal Information Protection Law (“PIPL”) and proposed modifications published in April 2021, please see:

China’s Personal Information Protection Law: What It Means to Companies (Client Alert)

China Releases Second Draft of the Personal Information Protection Law: Comparison of Proposed Changes to First Draft (Security & Privacy // Bytes Blog)

China’s Personal Information Protection Law (Second Draft) – What to Expect (Consumer Privacy World Blog)

In a related development, on April 26, 2021, the Ministry of Industry and Information and Technology of People’s Republic of China (the “MIIT”) issued draft Interim Measures on Personal Information Protection of Mobile Internet Applications “Measures”), for public comments.

This draft Measures follow several rounds of enforcement actions relating to mobile applications (“apps”) in recent years, targeting the over-collection of users’ personal information (“PI”) by demanding access to camera, microphone, photos, contact lists, etc. Currently, these activities are covered by two app-related practical guidelines, and the proposed Measures are the first comprehensive rules on the topic. The draft Measures specify various requirements and obligations applicable to app developers, distribution platforms, third-party app service providers, mobile device manufacturers and network access service providers. Other important provisions may be summarized as follows: Continue Reading

China Releases Second Draft of the Personal Information Protection Law: Comparison of Proposed Changes to First Draft

On April 29, 2021, the National People’s Congress Standing Committee of the People’s Republic of China released a second draft of the Personal Information Protection Law (the “PIPL”) for public comment. In general, the second draft does not deviate much from the prior version released in October 2020. For further details on the original draft of the PIPL, please see our previous blog and client alert.

China’s Personal Information Protection Law: What It Means to Companies (Client Alert)

China’s Personal Information Protection Law (Second Draft) – What to Expect (Consumer Privacy World Blog)

We have summarized the highlights of the proposed changes contained in the second draft below: Continue Reading

New Standard Contractual Clauses for Transfer of Personal Data outside the EEA – Getting Warmer by the Day

Padlock and EU flagWe are one (penultimate) step closer to the final adoption of new Standard Contractual Clauses (“SCCs”) by the European Commission.

The final version of a long overdue update to the 2004 (in case of controller-to-controller)/2010 (in case of controller-to-processor) model clauses which companies use to safeguard personal data transfers to controllers/processors outside the EEA under Article 46.2(c) of the GDPR, has cleared one of its final hurdles.

Today, the Article 93 Committee, consisting of the representatives of EU governments, unanimously approved new draft SCCs proposed by the Commission. The Committee is named after Article 93 of the GDPR, referencing the examination procedure, which the draft SCCs of the European Commission (including the one on the new SCCs) had to go through on its way to final adoption. Continue Reading

SPB Speaks at the Privacy + Security Forum Spring Academy 2021

Squire Patton Boggs is pleased to announce, Partners Alan Friel and Elliot Golding will both speak at this year’s Privacy + Security Forum Spring Academy. This virtual event will take place May 24-26, 2021.

Alan Friel will join a panel sharing wins and losses on California Consumer Privacy Act (CCPA) preparedness, in retrospect, and apply those learnings to how to prepare for the California Public Records Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the cookieless digital ecosystem and whatever curve ball that is yet to present itself.  Joining Alan will be Linda Trickey, Assistant General Counsel, Privacy & Security, Cox Communications, and David Manek, Senior Managing Director, Ankura. Their session, titled “CCPA Workshop” is set for 10 AM EDT on Monday, May 24, 2021.

Elliot Golding will join a panel discussion of federal and state laws governing health information besides HIPAA. The panel will cover what laws practitioners need to know, and walk through hypothetical scenarios and provide practical tips and recommendations. Elliot will present alongside Trinity Car, Associate General Counsel and Privacy Officer at eHealth and Joanne Charles, Privacy & Regulatory Affairs Attorney at Microsoft. Their session, titled “Beyond HIPAA – Regulating Data in the Health Sector” is set for 2 PM EDT on Wednesday, May 26, 2021.

For more information or to register, visit the Privacy + Security Forum web site.

Robust Data Retention Programs Required By New Laws

A little noticed provision of new consumer privacy laws in California and Virginia, effective January 2023, is the need for detailed data retention schedules and defensible destruction programs. Partner Alan Friel and Counsel Kyle Fath joined data management professionals on a recent panel at the International Association of Privacy Processional’s annual summit to explain these new requirements and how to prepare for them.  You can watch the recording for free here: Trim Costs, Reduce Risks and Improve Compliance: Data Retention the Right Way

Keep reading for tips on how to develop and implement a data retention program by Kyle Fath and Exterro’s Rebecca Perry. Continue Reading

Webinar: Got Data?: How the Health Data Rules are Changing

On June 1, Elliot Golding and other industry experts will co-present on the ABA Webinar: Got Data?: How the Health Data Rules are Changing. The program, organized by the American Bar Association (ABA) will address recent and upcoming developments impacting health data including, CMS and ONC final rules on information blocking and interoperability, HIPPA and guidance related to COVID-19, OCR enforcement priorities and trends (including audit results), and the recent Notice of Proposed Rulemaking to amend the HIPAA regulations. Additionally, the webinar will cover recent and upcoming modifications to the 42 CFR Part 2 rules and the interplay between health data regulations and state privacy laws, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and Virginia Consumer Data Protection Act (CDPA).

Additional information about the session and registration may be found here.