*This article first appeared in Law360 on January 14, 2020.
After two years in the Brazilian Congress, the General Law of Data Protection was signed on Aug. 18, 2018, by then Brazilian President, Michel Temer, who also signed an executive order (Medida Provisória n. 869, from Dec. 27, 2018).
On January 3, 2020, the Division of Swap Dealer and Intermediary Oversight (DSIO) of the U.S. Commodity Futures Trading Commission (CFTC) issued two cyber threat alerts regarding the hacking of approximately one dozen cloud service providers, as described in a Wall Street Journal article published December 30, 2019, entitled “Ghosts in the Clouds: Inside China’s Major Corporate Hack.”
One DSIO cyber threat alert was directed to swap dealers (SDs) and futures commission merchants (FCMs). Another was directed to commodity pool operators (CPOs), commodity trading advisors (CTAs), introducing brokers (IBs) and retail foreign exchange dealers (RFEDs). The National Futures Association (NFA) then sent a blast email to all NFA members in these registration categories (on behalf of the CFTC), with the DSIO alerts attached, further emphasizing to NFA members the information requested by DSIO and the deadlines for providing such information.
On December 4, 2019, the Senate Commerce Committee addressed data privacy in a hearing titled, “Examining Legislative Proposals to Protect Consumer Data Privacy.” The hearing focused on the two leading privacy proposals that were put forward in the week leading up to the hearing, the Consumer Online Privacy Rights Act (COPRA), introduced by Sen. Maria Cantwell, D-Wash., ranking member on the Committee, and a Staff Discussion Draft of the United States Consumer Data Privacy Act of 2019 (CDPA), introduced by Sen. Roger Wicker, R-Miss., Chairman of the Committee. The competing proposals share many similarities, including their scope of covered data and entities, as well as their approaches to consumer transparency and access. However, as witness testimony during the hearing revealed, the proposals diverge on a few critical issues.
In the evening of December 17, 2019, Californians for Consumer Privacy, the consumer privacy rights organization led by Alastair Mactaggart that propelled California towards the U.S.’s first comprehensive privacy legislation, tweeted the Attorney General’s release of the title and summary for Initiative 19-0021. This Initiative would substantively amend and essentially replace the California Consumer Privacy Act (“CCPA”) with the proposed Consumer Privacy Rights Act of 2020—also known colloquially as CCPA 2.0. (more…)
On 13 November 2019, the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle (“Guidelines”). The Guidelines provide further guidance into the technical and organizational measures and safeguards that data controllers must take into account when designing their processing activities. The EDPB encourages early consideration of data protection by design and by default principles (“DPbDD”) and considers DPbDD to be at the forefront of GDPR compliance. Data controllers, processors and technology providers should consider re-assessing their processing operations and products against the standards put forward in the Guidelines.
The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
As submitted for the comment period on Initiatives – Active Measures for Initiative 19-0021 on November 8, 2019.
Dear Mr. Mactaggart,
As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. We acknowledge your achievement in pushing for the enactment of the California Consumer Privacy Act (CCPA) and contributing to the ongoing national conversation to advance privacy rights. Your commitment to these issues is clear, and we commend the seriousness of your work in addressing privacy rights in accordance with your vision.
We write in the spirit of constructive development of privacy regulation, and offer the following comments in the hope of contributing to the goal we share with you: improving the quality and effectiveness of U.S. privacy and data protection law while ensuring the continued innovation and flexibility that so benefit our society. Although we often advise the regulated community on privacy and data protection matters, the views expressed here are our own.
At the outset, we note that there are important improvements in your proposed initiative relative to the enacted CCPA. Many of your new initiative’s provisions could serve to move privacy and data security law in a positive direction. In this vein, we note the following: (more…)
This fall, scrutiny has increased on children’s privacy with the FTC and New York Attorney General’s announcement of the largest fine ever for violations of the Children’s Online Privacy Protection Act (“COPPA”), followed by FTC public workshops on updating the COPPA Rule. Combined with increased requirements for the sale of teen personal information under the California Consumer Privacy Act (“CCPA”), and calls for triple fines for children’s privacy violations under a potential CCPA 2.0 referendum for 2020, children’s privacy has come to the forefront of privacy risks.
We set out below our summaries and key takeaways from both decisions which help to highlight the latest approach of both the courts and European data protection regulators in relation to cookie consent.
Companies doing business in California or with Californians must be ready to comply with the California Consumer Privacy Act (CCPA) by January 1, 2020 – less than three months away. However, as businesses were putting the finishing touches on their compliance efforts, the California legislature amended the law and the Attorney General proposed a round of very significant regulatory requirements. Now businesses find themselves making last-minute adjustments as the deadline approaches.
Please join us for a discussion that highlights the key takeaways from the recent CCPA amendments and proposed regulations, identifies the steps companies should be taking to meet these new obligations, and provides benchmarks for how companies are addressing key issues surrounding the CCPA.