Data Privacy

Subscribe to Data Privacy RSS Feed

Recommendations by the CNIL in the Context of COVID-19

On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code). Restrictions The CNIL insists that employers cannot take measures likely to impair … Continue Reading

California Attorney General Proposes Further Modifications to Proposed CCPA Regulations

On March 11, 2020, the California Attorney General (“AG”) published a second round of modifications to the proposed regulations under the California Consumer Privacy Act of 2018 (“CCPA”). The AG initially published the proposed regulations in October 2019 and then published modifications to such proposed regulations in February 2020. The deadline for submitting comments on … Continue Reading

Thought Leaders In Privacy: An interview with Rosa Barcelo

Partner Rosa Barcelo sat down with OneTrust DataGuidance for their “Thought Leaders In Privacy” segment, to discuss major data privacy issues that have been a focus over the past year, as well as provide insights for organisations looking to comply with recent guidance issued by the CNIL and ICO, key points regarding proposed ePrivacy Regulations … Continue Reading

Russia Increases Fines for Violation of its Data Localization Law

Russia’s Federal Law No. 242-FZ, On the Introduction of Amendments to Certain Legislative Acts of the Russian Federation with regard to the Clarification of the Procedure for the Processing of Personal Data in Data Telecommunications Networks, took effect on September 1, 2015 and requires that Russian citizens’ personal data gathered by operators, be stored by … Continue Reading

Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 2)

Article 3(2) of the GDPR and the second criterion: Targeting criterion   Article 3 of the GDPR defines the territorial scope of the regulation using two main criteria with respect to businesses: “Establishment” (Article 3(1)) and “Targeting” (Article 3(2)).  Our first post in this series examined the “Establishment” criterion. In this post, we will move … Continue Reading

Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 1)

The General Data Protection Regulation (EU) 2016/679, or GDPR, has a much wider territorial scope than organisations may expect. Some organisations that are not established in the EU may have to comply with the GDPR. Even for groups established in the EU, their operations outside of the EU may, in certain circumstances, fall under the … Continue Reading

ICO Consults on Draft Subject Access Request Guidance

The ICO has published draft guidance (the “guidance”) on data subject access requests (“DSARs”), which updates the previous code of practice, last issued in 2017. This guidance takes into account the relevant provisions of the GDPR and UK Data Protection Act 2018 (“DPA”). The ICO will be consulting on this draft guidance until 12 February … Continue Reading

Webinar: The Final California Consumer Privacy Act – What Are Your Obligations?

The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. The California legislature passed a number of amendments on September 13, 2019, that alter the law in important ways. These amendments are now being reviewed by the governor and will be finalized by October 13, 2019. Join our webinar just a few days later, … Continue Reading

Polish Data Protection Authority’s Position on Making Copies of Identity Documents by Banks

  On September 9, the Polish Data Protection Supervisory Authority (UODO) issued its response to the letter of the President of the Polish Bank Association, wherein it clearly stated that the provision of the banking law (i.e. article 112b of the act) does not entitle banks to make copies of personal ID cards of their … Continue Reading

Data Protection Update for Poland

Updated Black List of Processing Operations Requiring DPIA On July 8, 2019 the updated list of operations requiring a data protection impact assessment (DPIA) was published in the official gazette of the Republic of Poland. The “black list” was updated by the Polish data protection authority, after the European Data Protection Board (EDPB) raised its … Continue Reading

Join Us– Webinar: Understanding and Preparing for the California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, regardless of where the business is based. The Act will impact information regarding not only consumers, but also employees and business contacts. Join us for … Continue Reading

Can Police Require Individuals to Unlock Their Smartphones?

Recently Chase Goldstein and Thomas Zeno contributed to our Anticorruption Blog. Their article reviews whether police can force individuals to unlock their smartphones. To unlock or not to unlock? Different rules apply depending on where you are located, as the states of Massachusetts and have seen conflicting rulings. There is also an international dimension, illustrated … Continue Reading

Data Privacy or Cybersecurity: Which is More Important?

To any good lawyer, the answer is ‘both’ are important.  However, most in-house counsel know the answer is which receives the limited available budget.  Compliance budgets usually follow the greatest risks for the company.  Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that … Continue Reading
LexBlog