With about half a year to go until the California Consumer Privacy Act (CCPA)’s effective date, and with significant amendments still percolating to define the scope and impact of the CCPA come 2020, other states continue to consider whether to adopt new and broader privacy laws of their own, with Nevada recently taking the distinction of being the first to follow the CCPA trend. While the scope and obligations of the Nevada law is significantly narrower than the CCPA and thus largely will align with current CCPA implementation projects, the new Nevada law does expand upon the CCPA in one particularly notable way—it moves the deadline to facilitate opt-outs of sales of personal information up to October 2019. (more…)
More and more entities are deploying machine learning and artificial intelligence to automate tasks previously performed by humans. Such efforts carry with them real benefits, such as the enhancement of operational efficiency and the reduction of costs, but they also raise a number of concerns regarding their potential impacts on human society, particularly as computer algorithms are increasingly used to determine important outcomes like individuals’ treatment within the criminal justice system.
This mixture of benefits and concerns is starting to attract the interest of regulators. Efforts in the European Union, Canada, and the United States have initiated an ongoing discussion around how to regulate “automated decision-making” and what principles should guide it. And while not all of these regulatory efforts will directly implicate private companies, they may nonetheless provide insight for companies seeking to build consumer trust in their artificial intelligence systems or better prepare themselves for the overall direction that regulation is taking.
We held our 5th Annual Privacy and Cybersecurity Roundtable on May 1, in Washington, D.C. The event featured the Chair of the European Data Protection Board Andrea Jelinek and FTC Commissioner Noah Phillips. Other government speakers represented the White House, UK’s Information Commissioner’s Office, and staff members from the U.S. Senate and House of Representatives. Other distinguished panelists included Cam Kerry of Brookings and Jane Horvath from Apple. The speakers addressed privacy and cybersecurity enforcement in the U.S. and EU, Brexit, Online Harms and the prospects for federal privacy legislation. The insightful program was followed by a competition between the sausage-making (and brewing) achievements of leading privacy jurisdictions such as Brussels, California, Washington, D.C. and China (representing a privacy continuum!). Sidley also commemorated “20 Years of CyberLaw at Sidley” – two decades since the founding of today’s Privacy and Cybersecurity practice. We look forward to continuing to thrive and serve our clients. We hope to see you at next year’s Privacy and Cybersecurity Roundtable.
As the legislative session drew to a close, what once seemed like an inevitability suddenly looked unlikely. The Washington Privacy Act, SB 5376/HB1854, failed to make its way through the legislative process. The Bill’s sponsor, Sen. Reuven Carlyle, called the game on April 17, tweeting that despite the “unprecedented 46-1 vote” in the Senate, “[u]nfortunately, House failed to pass privacy legislation this year. We’re committed to 2020.” Nevertheless, the State of Washington did pass notable privacy legislation, albeit on a more narrow topic.
The Malaysia Personal Data Protection Act applies to all companies operating in Malaysia, as well as persons not established in Malaysia, if they use equipment in Malaysia for the processing of personal data otherwise than for the purposes of transit through Malaysia. (more…)
The updated 2019 Chambers Global Practice Guide for Data Protection & Cybersecurity is available, covering important developments across the globe and bringing expert legal commentary for businesses particularly involved in the life sciences sector. Read More
Wednesday, March 27, 2019 | 4:00 p.m. EDT / 1:00 p.m. PDT
CLE & CPE Credit Offered
When the California Consumer Privacy Act enters into force on January 1, 2020, it will grant consumers extensive new data rights and place a number of new obligations on companies – obligations that in some ways even exceed those imposed by the European General Data Protection Regulation (GDPR). This means that just about every company doing business in California or with Californians will need to take steps to comply with the CCPA, regardless of their GDPR status. Please join us for a discussion that identifies the key questions and issues companies should be considering before the CCPA enters into force on January 1, 2020. We’ll talk through the steps companies should take now to meet these new obligations.
- Colleen Theresa Brown, Partner
- Christopher C. Fonzone, Partner
- Alan Charles Raul, Partner
- Kate Heinzelman, Counsel
- Sheri Porath Rockwell,Associate
Singapore may soon mandate data breach notifications and data portability via amendments to the Singapore Personal Data Protection Act, or PDPA. The PDPA applies to all organizations that collect, use and disclose data in Singapore, and the PDPA has extraterritorial effect as it applies to all organizations collecting, using or disclosing personal data from individuals in Singapore (whether or not the company has a physical presence in Singapore).
Even a few short years ago, it seemed unlikely that Congress would enact comprehensive privacy legislation. But a series of high profile data breaches; increasing concerns about data practices, particularly when connected to political micro-targeting; fears about the rise of autonomous, and potentially invisible, decision-making; and the passage of far-reaching foreign and now State privacy laws have all changed the zeitgeist. Congress has taken notice, and, for the past year, Data Matters has been closely following the Legislative Branch’s moves as it a federal privacy bill looks more likely than it has in a generation. (more…)
On February 26, 2019, the Technology Policy Institute’s Two Think Minimum podcast featured Sidley Partner and founder of the Privacy and Cybersecurity practice, Alan Raul, alongside former FTC Acting Chairman and Commissioner of the FTC Maureen Ohlhausen. The topic of the day was the future of privacy legislation in 2019. Topics ranged from politics, U.S. State trends, activity in Europe, FTC enforcement powers and more.