Category

Data Privacy & Security

Category

Companies around the world have to comply with the Virginia Consumer Data Protection Act (VCDPA) with respect to personal data of consumers in Virginia. With the VCDPA, Virginia follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA) but excludes employee and business representative data from its scope. Businesses that have implemented measures to comply with the CCPA can leverage some of their existing vendor contract terms, website…

Since October 11, 2022, employers who electronically monitor their employees with more than 25 employees in Ontario have been required to have a written electronic monitoring policy in place pursuant to Ontario’s Employment Standards act, 2000 (“ESA”), as amended by Ontario’s Bill 88, Working for Workers Act, 2022 (“Bill 88”). However, employers have largely been left to decide how best to introduce and structure these policies given the recency of the law. Some common questions…

This week, the California Privacy Protection Agency (“CPPA”) released modified proposed regulations (“Modified Regulations”) for compliance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), and an explanation of the proposed changes, ahead of its upcoming Board Meetings. It is expected that the CPPA will discuss, and possibly adopt or modify further, the Modified Regulations during the CPPA Board Meetings which are scheduled for October 21-22 and October 28-29, 2022.…

Most important changes and translation Background and translation At its meeting on 31 August 2022, the Swiss Federal Council adopted the revised Data Protection Ordinance (nDPO), which contains the implementing provisions of the revised Data Protection Act (nDPA). A translated version of the nDPO in English can be found here. The federal council confirmed that the nDPA and the nDPO will enter into force as expected on 1 September 2023. Overall, the revised Swiss data…

On Tuesday, October 11, 2022, members of Baker McKenzie’s Global Data Privacy and Security Team, including Brian Hengesbaugh, Harry Valetk and Elizabeth Denham, presented at the Global Data Protection Program 2022 hosted by the Practising Law Institute. The program boasted an impressive line-up of data privacy experts from both government and industry to share practical insights. The half-day program was comprised of the following four segments: Introduction and Legislative Developments in Data Protection LawsNuts and Bolts of…

In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”).  Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers.   First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…

In brief The draft of the Indonesian Personal Data Protection Law (“PDP Law”) was approved to become law by the Indonesian Parliament (Dewan Perwakilan Rakyat Republik Indonesia) on 20 September 2022. With this approval, we are nearing the end of the process of an ambitious piece of legislation, which took several years to get approval. For several years, Indonesia has only relied on various diverse regulations that contain privacy provisions without one comprehensive umbrella law on…

Overview On September 23, 2022, the California Privacy Protection Agency (CPPA), in an open meeting, invited the public to listen in and provide comments on the agency’s current agenda. This five-hour meeting was facilitated by Chairperson Jennifer Urban. Based on the comments aired in the meeting, the public and other stakeholders (such as the business community) seemed interested in updates about the delayed California Privacy Rights Act (CPRA) regulations (originally expected in July 2022) and…

Este septiembre la autoridad de protección de datos de Berlín (Berliner Beauftragte für Datenschutz und Informationsfreiheit, BInBDI) ha anunciado una importante sanción a un grupo empresarial del sector e-commerce retail de 525.000€. Sin entrar en los detalles técnicos del caso sí que hay que remarcar que la principal recriminación jurídica que hace la autoridad a la empresa sancionada es que la persona designada como delegada de protección de datos (DPO) es simultáneamente director general de…