Category

Legislation

21 November 2019

The Sixth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available

The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.

12 November 2019

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

As submitted for the comment period on Initiatives – Active Measures for Initiative 19-0021 on November 8, 2019.

Dear Mr. Mactaggart,

As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. We acknowledge your achievement in pushing for the enactment of the California Consumer Privacy Act (CCPA) and contributing to the ongoing national conversation to advance privacy rights. Your commitment to these issues is clear, and we commend the seriousness of your work in addressing privacy rights in accordance with your vision.

We write in the spirit of constructive development of privacy regulation, and offer the following comments in the hope of contributing to the goal we share with you: improving the quality and effectiveness of U.S. privacy and data protection law while ensuring the continued innovation and flexibility that so benefit our society. Although we often advise the regulated community on privacy and data protection matters, the views expressed here are our own.

At the outset, we note that there are important improvements in your proposed initiative relative to the enacted CCPA. Many of your new initiative’s provisions could serve to move privacy and data security law in a positive direction. In this vein, we note the following:

29 October 2019

Observations from Albania: the 41st Annual International Conference of Data Protection and Privacy Commissioners (October 23-24, 2019)

UK ICO Commissioner Liz Denham, who serves as Conference Chair, welcomed attendees at the public session and provided a brief summary of what transpired at the Commissioners’ closed door sessions. She noted that “privacy” has gone “mainstream.” People around the world expect more information about how their data is used. She stressed the importance of future international collaboration and regulatory cooperation to develop shared strategies and tactics “to protect people from big companies.”

Commissioner Denham also highlighted the increased focus on the role of data protection as a relevant consideration in competition analysis by international regulators. She noted that the International Privacy Commissioners’ Conference, and the ongoing assembly of global regulators, resolved to be more transparent in the future with respect to the regulated community and other interested parties. Finally, she hinted that a new name for the group would be announced before the 2019 conference concludes.

24 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

This post is the third in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations: Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination. Today we look at verification, children’s privacy and the non-discrimination provisions. Visit the CCPA Monitor for a collection of all our CCPA insights.

INTRO AND BACKGROUND. In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time. Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA. This abbreviated legislative process produced a bill with numerous gaps and anomalies, however. Businesses, consumer advocates, and privacy watchers have thus been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended. As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce. Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date. Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

23 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Requests

This post is the second in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations:  Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.  Today we look at consumer requests.  Check back daily for the next installment, or visit the CCPA Monitor for a collection of all our CCPA insights.

Intro and Background.  In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time.  Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA.  This abbreviated legislative process produced a bill with numerous gaps and anomalies, however.  Businesses, consumer advocates, and privacy watchers have thus been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended.  As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce.  Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date.  Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

22 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

This post is the first in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations:  Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.  Today we look at consumer notice.  Check back daily for the next installment, or visit the CCPA Monitor for a collection of all our CCPA insights.

Intro and Background.  In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time.  Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA.  This abbreviated legislative process produced a bill with numerous gaps and anomalies, however.  Businesses, consumer advocates, and privacy watchers thus have been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended.  As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce.  Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date.  Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

10 October 2019

California Attorney General Releases Proposed CCPA Regulations

Earlier today, the California Attorney General ended months of anticipation by releasing the text of his proposed California Consumer Privacy Act (CCPA) regulations.  Comments on the proposed regulations are due by December 6, 2019, and the Attorney General’s office will hold public hearings on the regulations on December 2 (Sacramento), December 3 (Los Angeles), December 4 (San Francisco), and December 5 (Fresno).

24 September 2019

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

*Jan Yves Remy is a former Sidley Austin Associate and now serves as the Deputy Director at Shridath Ramphal Centre for International Trade Law, Policy and Services at the University of the West Indies in Barbados.  As with all posts, this article is for your informational purposes only; Sidley Austin does not have offices in or practice law in Barbados.

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. With its new data protection bill, Barbados is planning to join the ranks; this is a significant move, and it is one fueled at least in part by the entry into force of the European Union’s General Data Protection Regulation (“GDPR”) on May 25, 2018. The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights, and its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

17 September 2019

Final California Consumer Privacy Act Amendments Bring Practical Changes (But Your Business May Now Be a California “Data Broker”)

After months of wrangling, the California legislature has finally passed a set of significant amendments to the California Consumer Privacy Act (CCPA), a sweeping data privacy and security law commonly referred to as “California’s GDPR” (Europe’s General Data Protection Regulation). Employee personal information and personal information obtained in business-to-business (B2B) interactions are now mostly out of scope. Personal information in credit reports and other data covered by the Fair Credit Reporting Act is also largely exempt. Only personal information that is “reasonably” capable of being associated with a consumer or household is subject to the act. And aggregate or deidentified information definitively does not qualify as CCPA personal information.

12 September 2019

Where Does Privacy Go From Here: California, EU and Indian Data Privacy Laws and Global Compliance Programs

This article first appeared on Thomson Reuters Regulatory Intelligence.

The summer of 2018 may be regarded as a pivotal time in the history of data privacy laws. The European Union’s General Data Protection Regulation (GDPR) came into effect in May 2018, the California Consumer Privacy Act (CCPA) was signed into law in June 2018 (and comes into effect on January 1, 2020), and a draft of India’s Personal Data Protection Bill (India DP Bill) was released in July 2018 (and is now under review by India’s government).

These developments, and more generally, the recent proliferation of data privacy laws around the world (notably, in Australia, China, Brazil, Hong Kong, and Singapore) represent a compliance challenge for many multinational organizations.
