Finalized regulations under the amended California Consumer Privacy Act (“CCPA”) are one step closer to becoming a reality.
28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…
Many digital advertising arrangements that companies commonly use may qualify as “selling” or “sharing for cross context behavioral advertising” personal information under the California Consumer Privacy Act (CCPA) in California and laws in a few other US states (Nevada, Virginia, Colorado, Connecticut, Utah). Businesses state in their online privacy disclosures whether they sold or shared personal information in the last 12 months and whether they will sell or share personal information. Businesses that “sell” or…
On December 13, the European Commission (“EC”) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (“EU”) residents, the EU-U.S. Data Privacy Framework (“DPF”). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Biden’s Executive Order (“EO”) in October 2022, opens the door for an EU-U.S. data transfer…
Companies around the world have to comply with the Virginia Consumer Data Protection Act (VCDPA) with respect to personal data of consumers in Virginia. With the VCDPA, Virginia follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA) but excludes employee and business representative data from its scope. Businesses that have implemented measures to comply with the CCPA can leverage some of their existing vendor contract terms, website…
In less than two months, on January 1, 2023, the California Consumer Privacy Act (CCPA) as revised by the California Privacy Rights Act (CPRA) will take effect fully in the job applicant and employment context. And with respect to job applicants and personnel, businesses subject to the CCPA will be required to (i) issue further revised privacy notices, (ii) be ready to respond to data subject requests, (iii) have determined if they sell or share…
Businesses that have implemented measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Colorado Privacy Act (“CPA”). However, the CPA, and the recently published proposed CPA Rules, (located here), contain certain unique and prescriptive requirements that may warrant taking a…
In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers. First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…
Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage existing compliance mechanisms designed to comply with the CCPA to satisfy requirements under the Utah Consumer Privacy Act (“UCPA”), which will become operative on December 31, 2023. Most companies will not need to expand the scope of their CCPA-focused privacy notices to cover Utah residents exactly…
Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage existing vendor contract terms, website disclosures and data subject right processes to satisfy requirements under Nevada’s Revised Statutes Chapter 603A (www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-603A.html). Most companies will not need to expand the scope of CCPA-focused privacy notices, because the Nevada laws are much more narrowly framed. But, companies may…