Category

Legislation

16 November 2020

Important Changes to the Singapore Data Privacy Regime

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). The changes become law once a government gazette is passed (possibly before the end of 2020). If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We have organized a number of these drills for clients in preparation for breach notification requirements in Australia and now Singapore.) (more…)

EmailShare
04 November 2020

California Privacy Law Overhaul – Proposition 24 Passes

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24.  The law, most of which does not go into effect until January 1, 2023, will substantially overhaul and amend the California Consumer Privacy Act (CCPA) which went into effect just this year, on January 1, 2020, with final regulations issued just a few months ago, on August 14, 2020.  And indeed, CCPA obligations continue to evolve, with proposed amendments to the regulations proposed by the Attorney General’s Office mid-October 2020.

(more…)

EmailShare
29 October 2020

CCPA Update: Comment Period Closes on Third Round of Proposed Modifications to CCPA Regulations; CCPA Litigation Gaining Steam; Consumer Groups and Major Newspapers Urge “No” Vote on California’s Privacy Initiative

New privacy developments continue to come from California, with a new proposed modifications to CCPA regulations, continuing CCPA litigation, and voting beginning on Proposition 24, an initiative to overhaul the CCPA.  We provide insight into each below.

Proposed Third Modified CCPA Regulations

In mid-October 2020, just a few months after the “finalization” of the regulations, the California Office of Attorney General proposed a handful of proposed modifications to regulations implementing the California Consumer Privacy Act.  The abbreviated comment period for the proposed modifications closed on October 28th, which means the Attorney General must now review the comments, draft a response, and either further modify the proposed regulations or submit them in their current form for approval by the California Office of Administrative Law (OAL).

(more…)

EmailShare
14 October 2020

California Amends Privacy Laws Again: CCPA Health Information Amendment and Employee/B2B Exemption Signed into Law; Vetoes for Genetic Privacy and Social Media Parental Consent Bills

California’s Governor Gavin Newsom recently signed into law two bills to amend the California Consumer Privacy Act (“CCPA”).  He also vetoed two other consumer privacy bills based on concerns about potential conflicts with existing state and federal law. Collectively, these four bills represented the most significant privacy legislation that came out of the California Legislature’s 2019-20 term, which came to a close on September 30th.

Only one of the two new CCPA amendments, AB713, includes substantive changes to the law.  It streamlines the CCPA’s health information exception and imposes new obligations on CCPA businesses and others that handle deidentified patient information.

The other CCPA amendment, AB1281, simply extends the CCPA’s employee and B2B exemptions to January 1, 2022 if voters fail to pass Proposition 24 (CPRA or CCPA 2.0) in November.  Those exemptions are currently set to expire on December 31st of this year.

Newsom also vetoed two consumer privacy bills despite expressing support for the goals of each.  SB980 would have expanded consumer rights with respect to genetic information collected by direct-to-consumer genetic testing companies.  Newsom’s veto was motivated by concerns that the law could have “unintended consequences” for the operation of the state’s communicable disease reporting requirements, including those applicable to COVID-19.  The other bill, AB1138, would have imposed additional parental consent requirements on social media network operators.  Newsom vetoed it to avoid potentially overlapping state and federal compliance obligations, citing parallels between the bill and federal regulations under the Children’s Online Privacy Protection Act (“COPPA”).

Here we outline the significant features of each of the new CCPA amendments.

(more…)

EmailShare
29 September 2020

An Early Recap of Privacy in 2020: A US Perspective

*This article was adapted from “Global Overview,” appearing in The Privacy, Data Protection and Cybersecurity Law Review (7th Ed. 2020)(Editor Alan Charles Raul), published by Law Business Research Ltd., and first published by the International Association of Privacy Professionals Privacy Perspectives series on September 28, 2020.

Privacy, like everything else in 2020, was dominated by the COVID-19 pandemic. Employers and governments have been required to consider privacy in adjusting workplace practices to account for who has a fever and other symptoms, who has traveled where, who has come into contact with whom, and what community members have tested positive or been exposed.

As a result of all this need for tracking and tracing, governments and citizens alike have recognized the inevitable trade-offs between exclusive focus on privacy versus exclusive focus on public health and safety.

(more…)

EmailShare
25 September 2020

The Swiss Parliament Agrees on the Draft Bill of a New Data Protection Act

After three years of discussions and in a final debate, the Swiss parliament has agreed on the final draft bill of a new and modernized data protection law.

In particular, the National Council and the Council of States found a compromise on the these outstanding issues: (more…)

EmailShare
22 September 2020

Swiss Parliament Fails to Reach Agreement on New Swiss Data Protection Act

In 2017, the Swiss government issued a draft bill for a new Swiss Data Protection Act (“nDPA”) with two main goals:  (1) to enhance the level of protection of personal data provided in the current Swiss Data Protection Act which dates back to 1992 (largely, to align with the EU GDPR); and (2) to ensure that there is an “adequate” level of data protection to allow for the continued flow of personal data from the EEA to Switzerland.

(more…)

EmailShare
06 August 2020

Key Takeaways from Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Adam Klein, Chairman of the PCLOB

Posting revised August 13, 2020

On July 2, 2020, Sidley partner Alan Raul, founder and co-head of Sidley’s Privacy and Cybersecurity practice, hosted Adam Klein, Chairman of the Privacy and Civil Liberties Oversight Board (“PCLOB” or “the Board”), for a Monitor-Side Chat.

The discussion focused largely on the Commission’s work since Mr. Klein became Chairman in October, 2018. Key topics of the chat included:

  • Mission, Operation and Access of PCLOB
  • Balancing Counter-Terrorism and Privacy
  • Comparison of U.S. and Foreign Checks and Balances
  • FISA Reform
  • Emerging Technologies

(more…)

EmailShare
22 July 2020

Brazilian Data Protection Law Update – Delayed Enforcement, Lack of Administrative Structure, and Market Unreadiness

(*As with all posts, this article is for informational purposes only; Sidley Austin LLP does not have offices in or practice law in Brazil; Felipe Saraiva is a former Sidley associate licensed to practice law in Brazil.)

The enactment of Law n. 13.709/2018 (the Brazilian Data Protection Law, or “LGPD”) in 2018 was followed by great enthusiasm from the general public in Brazil. Indeed, the comprehensive law has been viewed as a necessary measure for the country to join a select but growing group of nations in the systematic protection of individuals’ personal data.

Originally, the LGPD provided for a 12-month grace period for its enforcement; however, this term was subsequently extended to 24 months, as legislators understood the initial time frame wouldn’t give companies enough time to adapt. As previously analyzed in an article by these authors published on January 20, 2020, the LGPD’s provisions require a great deal of compliance effort from all organizations that are subject to the law.

In view of the current crisis caused by the spread of COVID-19, the compliance difficulties companies are facing, and the fact that the actual creation of the National Agency of Data Protection (“ANPD”) called for in the law is still pending, Brazilian legislators are further extending the LGPD’s grace period; these legislators now indicate that enforcement of the law’s general provisions are extended to May 3, 2021, while its legal sanctions would become enforceable as of August 1, 2021.

(more…)

EmailShare
30 June 2020

Key Takeaways From Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Bruno Gencarelli, Head of International Data Flows and Protection at the European Commission

On June 25, 2020, Sidley partner, Alan Raul, founder and co-head of Sidley’s privacy and cybersecurity practice, hosted Bruno Gencarelli, head of International Data Flows and Protection at the European Commission, for a Monitor-Side Chat.

The discussion focused largely on the Commission’s report on two years of the GDPR which was issued on 24 June 2020. Key themes of the report include:

  • EU data protection authorities (“DPAs”) should increase their efforts towards the adoption of a harmonised approach to responding to cross-border investigations;
  • a call for greater resources to be given to DPAs by EU Member States to ensure the GDPR is sufficiently enforced;
  • a need for greater consistency among EU Member States on interpretations of the GDPR in national laws in order to avoid unnecessary burdens on companies; and
  • greater utilisation of the data portability right under the GDPR to ensure individuals have greater involvement in the digital economy by enabling them to switch between different service providers and make use of other innovative services.

(more…)

EmailShare
1 2 3 14
XSLT Plugin by BMI Calculator