Data Privacy

Subscribe to Data Privacy RSS Feed

A New Era of Automotive Data Compliance is Coming

A Brief Analysis of Several Provisions on the Security Management for Automotive Data (Trial Implementation) Connected vehicles capable of connecting to the internet and sharing data with external parties are experiencing exponential growth in China. Despite the apparent benefits of new technologies, they have also raised significant concerns over personal information protection, data protection and … Continue Reading

Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd

Over the past few years, there has been an increasing number of claims against businesses and public bodies for distress caused by data breaches. The pattern is, by now, a familiar one. A claimant will make a claim for breach of data protection legislation, seeking damages at a relatively low value for the distress and … Continue Reading

NEW: China’s Personal Information Protection Law

After three rounds of revisions, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China officially passed the Personal Information Protection Law (the “PIPL”). Fundamental Principle. The fundamental principles under the PIPL is that collection and processing PI should be limited only the minimum level as necessary to fulfill … Continue Reading

China Passes New Data Privacy and Security Laws

The People’s Republic of China (China), has been active lately in passing several new laws and regulations relating to data privacy and security. Here are 2 of the recent laws which tend to focus more on those handling data national security and/or public interest (ala Critical Information Infrastructure or Important Data).… Continue Reading

What is the Cookieless Future?

With this post, we are excited to announce the launch of our Cookieless Future Webinar Series. The Association of National Advertisers will host our first program on Thursday, July 29. Register here to attend free. The so-called “cookieless future” is a result of Google’s planned deprecation of third-party cookies on its Chrome browser, which it … Continue Reading

Informational Privacy as a Branding & Asset Management Opportunity

Informational privacy is a hot topic. Just recently new privacy laws in California and Virginia have brought Europe-inspired requirements on how companies process personal information to the US. Data is a valuable, but challenging asset. Organizations can only meaningfully protect, and effectively make the most of, their digital assets if they know what data they … Continue Reading

China Issues Draft Interim Measures on Personal Information Protection of Mobile Internet Applications

China continues to be a hotbed of activity in the areas of privacy and cybersecurity legislation.  For background on the draft Personal Information Protection Law (“PIPL”) and proposed modifications published in April 2021, please see: China’s Personal Information Protection Law: What It Means to Companies (Client Alert) China Releases Second Draft of the Personal Information … Continue Reading

New Standard Contractual Clauses for Transfer of Personal Data outside the EEA – Getting Warmer by the Day

We are one (penultimate) step closer to the final adoption of new Standard Contractual Clauses (“SCCs”) by the European Commission. The final version of a long overdue update to the 2004 (in case of controller-to-controller)/2010 (in case of controller-to-processor) model clauses which companies use to safeguard personal data transfers to controllers/processors outside the EEA under … Continue Reading

SPB Speaks at the Privacy + Security Forum Spring Academy 2021

Squire Patton Boggs is pleased to announce, Partners Alan Friel and Elliot Golding will both speak at this year’s Privacy + Security Forum Spring Academy. This virtual event will take place May 24-26, 2021. Alan Friel will join a panel sharing wins and losses on California Consumer Privacy Act (CCPA) preparedness, in retrospect, and apply … Continue Reading

Webinar: Got Data?: How the Health Data Rules are Changing

On June 1, Elliot Golding and other industry experts will co-present on the ABA Webinar: Got Data?: How the Health Data Rules are Changing. The program, organized by the American Bar Association (ABA) will address recent and upcoming developments impacting health data including, CMS and ONC final rules on information blocking and interoperability, HIPPA and … Continue Reading

Poland: Expected Enforcement Actions in 2020 and Beyond. Who Should Beware?

The reorganization of the Personal Data Protection Office (UODO), which took place in December 2019, warrants an assumption that 2020 will see increased activity from the supervisory authority. The UODO’s creation of three new departments indicates that the officers intend to specialize further to boost the efficiency of personal data protection inspections, in particular data … Continue Reading

Recommendations by the CNIL in the Context of COVID-19

On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code). Restrictions The CNIL insists that employers cannot take measures likely to impair … Continue Reading

California Attorney General Proposes Further Modifications to Proposed CCPA Regulations

On March 11, 2020, the California Attorney General (“AG”) published a second round of modifications to the proposed regulations under the California Consumer Privacy Act of 2018 (“CCPA”). The AG initially published the proposed regulations in October 2019 and then published modifications to such proposed regulations in February 2020. The deadline for submitting comments on … Continue Reading

Thought Leaders In Privacy: An interview with Rosa Barcelo

Partner Rosa Barcelo sat down with OneTrust DataGuidance for their “Thought Leaders In Privacy” segment, to discuss major data privacy issues that have been a focus over the past year, as well as provide insights for organisations looking to comply with recent guidance issued by the CNIL and ICO, key points regarding proposed ePrivacy Regulations … Continue Reading

Russia Increases Fines for Violation of its Data Localization Law

Russia’s Federal Law No. 242-FZ, On the Introduction of Amendments to Certain Legislative Acts of the Russian Federation with regard to the Clarification of the Procedure for the Processing of Personal Data in Data Telecommunications Networks, took effect on September 1, 2015 and requires that Russian citizens’ personal data gathered by operators, be stored by … Continue Reading

Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 2)

Article 3(2) of the GDPR and the second criterion: Targeting criterion   Article 3 of the GDPR defines the territorial scope of the regulation using two main criteria with respect to businesses: “Establishment” (Article 3(1)) and “Targeting” (Article 3(2)).  Our first post in this series examined the “Establishment” criterion. In this post, we will move … Continue Reading

Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 1)

The General Data Protection Regulation (EU) 2016/679, or GDPR, has a much wider territorial scope than organisations may expect. Some organisations that are not established in the EU may have to comply with the GDPR. Even for groups established in the EU, their operations outside of the EU may, in certain circumstances, fall under the … Continue Reading

ICO Consults on Draft Subject Access Request Guidance

The ICO has published draft guidance (the “guidance”) on data subject access requests (“DSARs”), which updates the previous code of practice, last issued in 2017. This guidance takes into account the relevant provisions of the GDPR and UK Data Protection Act 2018 (“DPA”). The ICO will be consulting on this draft guidance until 12 February … Continue Reading
LexBlog