On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023, it contains robust provisions that businesses will need some time to prepare for.
Tag Archives: data
On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in scope, imposes extensive data processing obligations, and establishes potentially severe penalties for violations. Although many of the details surrounding implementation remain unclear, given the law’s extensive requirements and severe penalties for noncompliance,… More
In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.
The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:
- online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio. These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws. Cybersecurity has become increasingly important for business of all sizes. While identity thieves may focus on the target rich environments of large-scale enterprises,… More
In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict. As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries. … More
On September 23, 2018, California Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the Golden State’s landmark Consumer Privacy Act (“CCPA”). California enacted the CCPA in June after legislators reached a last-minute compromise with a group of privacy activists who would have put a more stringent data protection measure on the November ballot. Given the hasty enactment of the law,… More
Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of these misconceptions.
- The “right to be forgotten” was not created by the GDPR
The late rapper known as The Notorious B.I.G. recorded a song called, “Mo Money, Mo Problems.” Many of the lyrics can’t be repeated here, but the refrain can:
“It’s like the more money we come across
The more problems we see.”
After the European Court of Justice invalidated Safe Harbor on October 6, 2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of January 2016 to find alternative means to transfer data to the US and, if they failed to do so, EU Data Protection Authorities would pursue enforcement measures.… More
The GDRP sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies. For example:
- data controllers (companies collecting and using personal information) will have a wide range of new obligations,…