Big California Privacy News: Legislative and Enforcement Updates
Privacy never sleeps in California. In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country. For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could require significant investments of time and resources. The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law. (more…)
Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law
Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law. Kentucky Governor Andy Beshear signed House Bill 474 into law, and Maryland Governor Larry Hogan signed SB 207. (more…)
Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023
Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023. The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide a mechanism for consumers to revoke their consent to the processing of their data. (more…)
UK Consults on Algorithmic Processing
Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)
Data Regulation Ramps Up in Europe: DMA, DSA, and the UK Online Safety Bill
Location
WEBINAR
REGISTER HERE
11:00 a.m. ET | 4:00 p.m. BST | 5:00 p.m. CET
Date
Wednesday, June 8, 2022
Since the EU announced its Digital and Data Strategy in February 2020, the European Commission has released several legislative proposals to regulate digital platforms and services, including with respect to access and the use of data. Included within the proposals are the Digital Markets Act (DMA) and the Digital Services Act (DSA).
The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech
As regulators around the world fiercely debate new ways to oversee competition in the digital sector, the EU is on the brink of formally approving a landmark new law. The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.
Once it comes into force, the DMA is set to revolutionize the way in which so-called Big Tech is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. Given the far-reaching nature of the DMA obligations, their effects will likely be felt globally.
There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. (more…)
CISA: “We don’t stab the wounded.”
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), repeatedly emphasizes CISA’s cooperative approach with the U.S. private sector. During her interview with Sidley’s Alan Raul on April 13, 2022, Easterly emphasized that CISA’s role was not to “name, blame, shame, or stab the wounded” victims of cybersecurity incidents. Instead, she described the Agency as a coequal partner with the private sector in securing U.S. infrastructure. CISA desires to partner with other agencies as well, operating as the “front door” to federal agency support and cyber security resources, she stated. During the Raul interview, she also provided insight into the Agency’s perspective on the newly enacted Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). (more…)
EU Data Governance Act – Edging Closer to a European Single Market for Data
On 6 April 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote the availability of data and increase trust in data sharing across sectors in the EU. Some of the key objectives of the new legislation include enabling the re-use of certain categories of protected public sector data and making it easier and safer for citizens and businesses to share their data with relevant stakeholders. (more…)
Utah Joins the Comprehensive Privacy Law Club
Utah has become the fourth state, following California, Virginia and Colorado, to enact a comprehensive consumer data privacy law. The Utah Consumer Privacy Act (“UCPA”), formerly known as Senate Bill 227, passed the Utah Senate and House with no opposition, and was signed by Governor Cox on March 24, 2022.
The UCPA shares many similarities with Virginia’s Consumer Data Protection Act (“VCDPA”) and the Colorado Privacy Act (“CPA”), and some similarities with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). That said, the UCPA is somewhat narrower and more business friendly than other state privacy law analogs. The UCPA will go into effect on December 31, 2023. (more…)
Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?
The concept of “important data” is a cornerstone of China’s data regulatory regime. The Cyber Security Law (2017) (the CSL) prohibits operators of critical information infrastructures (CIIs) from transferring their “important data” and personal information outside of China. The Data Security Law (2021) (the DSL) and some recent draft regulations indicate that the prohibition on exports of “important data” is likely to apply to all companies, whether CII operators or not.
Then, what are “important data”? (more…)
