Author

Lothar Determann

Browsing

Companies around the world have to comply with the Virginia Consumer Data Protection Act (VCDPA) with respect to personal data of consumers in Virginia. With the VCDPA, Virginia follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA) but excludes employee and business representative data from its scope. Businesses that have implemented measures to comply with the CCPA can leverage some of their existing vendor contract terms, website…

In less than two months, on January 1, 2023, the California Consumer Privacy Act (CCPA) as revised by the California Privacy Rights Act (CPRA) will take effect fully in the job applicant and employment context. And with respect to job applicants and personnel, businesses subject to the CCPA will be required to (i) issue further revised privacy notices, (ii) be ready to respond to data subject requests, (iii) have determined if they sell or share…

Businesses that have implemented measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Colorado Privacy Act (“CPA”). However, the CPA, and the recently published proposed CPA Rules, (located here), contain certain unique and prescriptive requirements that may warrant taking a…

In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”).  Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers.   First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…

Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage existing compliance mechanisms designed to comply with the CCPA to satisfy requirements under the Utah Consumer Privacy Act (“UCPA”), which will become operative on December 31, 2023. Most companies will not need to expand the scope of their CCPA-focused privacy notices to cover Utah residents exactly…

Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage existing vendor contract terms, website disclosures and data subject right processes to satisfy requirements under Nevada’s Revised Statutes Chapter 603A (www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-603A.html). Most companies will not need to expand the scope of CCPA-focused privacy notices, because the Nevada laws are much more narrowly framed. But, companies may…

In brief The California Privacy Rights Act of 2020 (CPRA) amended the California Consumer Privacy Act of 2018 (CCPA) with most changes taking effect on 1 January 2023 with a twelve-month look-back. Limited exceptions concerning the personal data of employees and business contacts will expire. The new California Privacy Protection Agency (CPPA) has published draft regulations that will, once finalized, expand on the rules in the statute and existing regulations from the California Attorney General. The CPPA is…

Lothar Determann, Baker McKenzie Partner and UC Berkeley School of Law Professor, recently joined Helen Dixon, Data Protection Commissioner for Ireland, to present at the Berkeley Center for Law and Technology (BCLT) during Berkeley Law’s IP & Tech Month. Throughout the month, BCLT hosted a number of curated sessions to provide practitioners with the most relevant, up-to-date information from top experts in the field. Lothar and Helen provided a year-in-review of international privacy for US…

On March 24, the Utah Consumer Privacy Act (UCPA) was signed into law. It will take effect on December 31, 2023. UCPA generally has a narrower scope of application than the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the General Data Protection Regulation (GDPR). It has multiple threshold requirements for applicability, excludes Utah residents acting in an employment or commercial context from protection (like…

2022 is looking to be an unprecedented year for California companies’ privacy law obligations. The California Privacy Rights Act (CPRA) takes effect on January 1, 2023, with a twelve-month look-back that also applies to the personal data of employees and business contacts. The new California Privacy Protection Agency is preparing regulations that will sit on top of existing rules from the California Attorney General. Meanwhile, the California Legislature is enacting privacy laws even though it has not…