On January 25, 2019, the European Commission published a statement to mark Data Protection Day (January 28, 2019) which, this year, comes eight months after the entry into force of the General Data Protection Regulation (“GDPR”) on May 25, 2018.
The statement indicates that the European Commission considers the GDPR to have had a positive effect, in particular because European citizens are now more conscious of the importance of data protection and of their rights. The European Commission also notes that the Data Protection Authorities (“DPAs”) are enforcing the new rules and better coordinating their actions in the European Data Protection Board.
*This article first appeared in the Hill.com on November 19, 2018
With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress are increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.
The fifth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication.
* This article originally appeared in Law360 on September 27, 2018.
The expert committee set up by the Government of India recently published a new draft data privacy bill called the Personal Data Protection Draft bill 2018 along with a detailed companion report. This significant development brings India closer to a comprehensive law for personal data protection. The draft bill is modelled on the European Union’s General Data Protection Regulation (GDPR). If enacted into law, the draft bill would impose significant obligations on organizations, whether operating inside or outside India, including mandatory localization of personal data. The Government of India has invited comments on the draft bill by 30 September 2018.
On June 29, the day after California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law, Data Matters provided a summary of the important new legislation. In doing so, we noted that the law was scheduled to go into effect on January 1, 2020 and that, if and when it did, it would be the “broadest privacy law in the United States” and “may well have an outsize influence on privacy laws nationwide.” Because of this, we further predicted that “[t]he coming months will no doubt stimulate considerable legislative and litigation activity to test the acceptability of [the CCPA’s] effects on interstate commerce, free speech, commercial innovation, reasonable regulatory burdens and meaningful privacy protection.”
*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018
There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being handed down to interpret existing legal requirements, and citizens are contending with their own expectations about confounding new technologies and business models. It is not clear, however, that the public policy being developed in any country is a thoughtful reaction to the promises and perils of today’s digital economy, rather than a knee-jerk over-reaction to imagined harms and a handful of high-profile incidents.
On June 25, the United States Court of Appeals for the First Circuit in Cullinane v. Uber Technologies, Inc., __ F.3d __, 2018 WL 3099388 (1st Cir. 2018), evaluated the enforceability of arbitration provisions in online contracts. The First Circuit found Uber’s arbitration provision, which contained a class action waiver, unenforceable because Uber did not make its terms of service sufficiently conspicuous. Cullinane highlights the importance of obtaining customers’ affirmative consent to an online contract and reaffirms that conspicuousness of the arbitration agreement and the form of assent that retailers require from consumers remain paramount.
On June 28, 2018, California Gov. Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose.
*UPDATE: The ballot initiative has been replaced by a new California law, AB 375. Please see California Enacts Broad Privacy Protections Modeled on GDPR for more information.
On June 25, 2018, California Secretary of State Alex Padilla announced that a potentially significant privacy initiative is eligible for the Nov. 6 general election ballot. If passed, the ballot initiative — the California Consumer Privacy Act (CCPA) — would immediately make sweeping changes to California’s privacy laws. This initiative would likely create a de facto national standard on transparency around third-party sharing as well as consumer rights to restrict data sharing and could affect many business models that depend on data monetization to offer a free good or service. Many see the law as having echoes of the new European General Data Protection Regulation (GDPR) that went into effect on May 25. If voters pass the initiative, it would go into effect shortly after the election — providing little time to develop an extensive internal regulatory program, yet providing immediate exposure to penalties for failures to have those extensive compliance processes in operation.