Author

Brian Hengesbaugh

Browsing

Colorado has joined the growing list of US states passing new comprehensive privacy laws by enacting the Colorado Privacy Act (the “CPA”). Governor Jared Polis signed the CPA into law on July 7, 2021, making it the third comprehensive state privacy law enacted in the US. With other states also considering proposals on comprehensive privacy legislation, CPA is another signal that companies must be prepared for more (not less) privacy regulatory risks. Like the California…

In this Connect on Tech episode, Brian Hengesbaugh is joined by Ben Slinn to discuss the increased focus on and heightened protection around children’s data in the UK. Ben, a leading privacy attorney in our London office, reviews the new UK Age Appropriate Designs Code, intended to address key areas affecting data of children under the age of 18 with respect to online services. The Code, which companies are required to comply with from September 2, 2021, includes 15…

Brian Hengesbaugh and Julia Wilson, a leading employment and privacy partner in our London office, join for this episode of Connect on Tech to discuss privacy in the work place and key issues employers are facing.  In this podcast, Brian and Julia take a deep dive into four key areas employers must carefully navigate in the data and privacy realm – i) the processing of testing and vaccination data, ii) employee monitoring in various guises from clever…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the Official Journal. The new SCCs are a mechanism companies can use to address the restriction under Article 44 in the EU General Data Protection Regulation on the cross-border transfer of personal data to third countries. Given the timing requirements in the commission’s decision, the U.S. and other service providers located in…

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

Brian Hengesbaugh is joined by Michaela Nebel to discuss the enforcement of Schrems II, the decision of the Court of Justice of the European Union from last July 2020 where they invalidated the EU-US Privacy Shield with a focus on US government surveillance activities. This podcast looks squarely into enforcement activities in the aftermath of Schrems IIin Germany, and provides insight into the “coordinated audits of international data transfers” announced by various German data protection…

The Securities and Exchange Commission fined a real estate services company for inadequate disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed hundreds of thousands of sensitive customer records. Background In 2019, a cybersecurity journalist discovered and notified the real estate services company about a vulnerability with its document and images sharing app that exposed over 800 million images dating back to 2003, including documents that contained sensitive personal information such as…