Category

Online Privacy

03 December 2019

European Data Protection Board Adopts Data Protection by Design and by Default Guidelines

On 13 November 2019, the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle (“Guidelines”).  The Guidelines provide further guidance into the technical and organizational measures and safeguards that data controllers must take into account when designing their processing activities.  The EDPB encourages early consideration of data protection by design and by default principles (“DPbDD”) and considers DPbDD to be at the forefront of GDPR compliance.  Data controllers, processors and technology providers should consider re-assessing their processing operations and products against the standards put forward in the Guidelines.

(more…)

EmailShare
21 November 2019

The Sixth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available

The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)

EmailShare
12 November 2019

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

As submitted for the comment period on Initiatives – Active Measures for Initiative 19-0021 on November 8, 2019.

Dear Mr. Mactaggart,

As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. We acknowledge your achievement in pushing for the enactment of the California Consumer Privacy Act (CCPA) and contributing to the ongoing national conversation to advance privacy rights. Your commitment to these issues is clear, and we commend the seriousness of your work in addressing privacy rights in accordance with your vision.

We write in the spirit of constructive development of privacy regulation, and offer the following comments in the hope of contributing to the goal we share with you: improving the quality and effectiveness of U.S. privacy and data protection law while ensuring the continued innovation and flexibility that so benefit our society. Although we often advise the regulated community on privacy and data protection matters, the views expressed here are our own.

At the outset, we note that there are important improvements in your proposed initiative relative to the enacted CCPA. Many of your new initiative’s provisions could serve to move privacy and data security law in a positive direction. In this vein, we note the following: (more…)

EmailShare
08 November 2019

Federal and State Authorities Increase Scrutiny and Enforcement of Children’s Privacy; Google, YouTube Agree to Pay a Record $170 Million Fine

This fall, scrutiny has increased on children’s privacy with the FTC and New York Attorney General’s announcement of the largest fine ever for violations of the Children’s Online Privacy Protection Act (“COPPA”), followed by FTC public workshops on updating the COPPA Rule.  Combined with increased requirements for the sale of teen personal information under the California Consumer Privacy Act (“CCPA”), and calls for triple fines for children’s privacy violations under a potential CCPA 2.0 referendum for 2020, children’s privacy has come to the forefront of privacy risks.

(more…)

EmailShare
04 November 2019

Website Cookie Consent: Is the Cookie Starting to Crumble?

Two important decisions have recently occurred relating to website operators’ use of cookies.  First, the Court of Justice of the European Union (the “CJEU” or the “Court”) has issued its judgment in Planet49, a case which looked at the standards of consent and transparency for the use of cookies and similar technologies in the context of the e-Privacy Directive and the GDPR and determined that opt-out consent, by way of a pre-ticked checkbox, was insufficient to obtain GDPR-standard consent for non-essential cookies.  Second, the Spanish data protection authority, AEPD, fined Vueling, a Spanish airline, €30,000 for forcing visitors to its website to accept the use of non-essential cookies on their device in order to continue viewing the website.

We set out below our summaries and key takeaways from both decisions which help to highlight the latest approach of both the courts and European data protection regulators in relation to cookie consent.

(more…)

EmailShare
31 October 2019

The Final Countdown: What You Need to Know About the CCPA and its Draft Regulations Before January 1

Companies doing business in California or with Californians must be ready to comply with the California Consumer Privacy Act (CCPA) by January 1, 2020 – less than three months away. However, as businesses were putting the finishing touches on their compliance efforts, the California legislature amended the law and the Attorney General proposed a round of very significant regulatory requirements. Now businesses find themselves making last-minute adjustments as the deadline approaches.

Please join us for a discussion that highlights the key takeaways from the recent CCPA amendments and proposed regulations, identifies the steps companies should be taking to meet these new obligations, and provides benchmarks for how companies are addressing key issues surrounding the CCPA.

(more…)

EmailShare
24 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

This post is the third in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations: Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination. Today we look at verification, children’s privacy and the non-discrimination provisions. Visit the CCPA Monitor for a collection of all our CCPA insights.

INTRO AND BACKGROUND. In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time. Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA. This abbreviated legislative process produced a bill with numerous gaps and anomalies, however. Businesses, consumer advocates, and privacy watchers have thus been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended. As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce. Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date. Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

(more…)

EmailShare
23 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Requests

This post is the second in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations:  Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.  Today we look at consumer requests.  Check back daily for the next installment, or visit the CCPA Monitor for a collection of all our CCPA insights.

Intro and Background.  In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time.  Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA.  This abbreviated legislative process produced a bill with numerous gaps and anomalies, however.  Businesses, consumer advocates, and privacy watchers have thus been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended.  As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce.  Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date.  Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

(more…)

EmailShare
22 October 2019

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

This post is the first in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations:  Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.  Today we look at consumer notice.  Check back daily for the next installment, or visit the CCPA Monitor for a collection of all our CCPA insights.

Intro and Background.  In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time.  Facing a procedural deadline for a ballot initiative, the Legislature acted with dispatch, as it did not want to add to the State Constitution, with its super-majority amendment requirements, many of the provisions that ultimately found their way into the CCPA.  This abbreviated legislative process produced a bill with numerous gaps and anomalies, however.  Businesses, consumer advocates, and privacy watchers thus have been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

On October 10, 2019, this wait finally ended.  As laid out below, the nature and breadth of the Attorney General’s proposed regulations explain why they took so long to produce.  Put simply, the proposed regulations are significant and will have substantial implications on businesses’ ongoing efforts to comply with the CCPA with less than three months left to go before the effective date.  Indeed, even if they do not resolve all of the Law’s many ambiguities, they do provide helpful implementation guidance – along with surprising new requirements, some of which may questionably extend beyond the CCPA itself.

(more…)

EmailShare
15 October 2019

China Implements Regulation Increasing Protections for Children’s Personal Data

On 22 August 2019, the Cyberspace Administration of China (CAC) announced the implementation of the Online Protection of Children’s Personal Data Regulation (儿童个人信息网络保护规定), (“the Regulation”) which came into force on 1 October 2019. The Regulation comprises a list of rules which seek to ensure the safety of children’s personal data and promote a healthy upbringing for children.

This constitutes the latest step in China’s drive to sophisticate its data protection regime and adds to legislation under the framework of the Cybersecurity Law, implemented in 2017. It contains similarities to the Children’s Online Privacy Protection Act (COPPA) in the U.S. and the GDPR in the EU.

As there is no official English translation of the Regulation, this article summarises its key points.

(more…)

EmailShare
1 2 3 11
XSLT Plugin by BMI Calculator