Data Privacy & Security Archives

In California Privacy Law

United States: California strengthens privacy protections for specific data types concerning citizenship and reproductive healthcare

October 17, 2023 by Lothar Determann, Helena Engfeldt, Justine Phillips and Garrett Stallins 7 Mins Read

In brief On October 8, 2023, California Governor Gavin Newsom signed two bills into law amending the California Consumer Privacy Act (CCPA). AB 947 classifies citizenship and immigration status as “sensitive personal information” subject to special protections under the CCPA, while AB 1194 strengthens reproductive privacy rights. Both bills carried the unanimous endorsement of the California Privacy Protection Agency. Details for each bill are described below followed by actionable guidance businesses can take to prepare…

In California Privacy Law

The Data Market in California faces another blow as data brokers will be subject to additional obligations under the streamlined deletion mechanism for California consumers

October 16, 2023 by Cynthia Cole, Lothar Determann, Helena Engfeldt, Mariana Oliver, Manisha Reddy, Michelle Shin and Jonathan Tam 3 Mins Read

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…

In Data Privacy

China Proposes Ease of Cross-Border Transfer Rules as November 30 Deadline Looms

October 9, 2023 by Rachel Ehlers, Brian Hengesbaugh and Zhenyu "Jay" Ruan 5 Mins Read

In Brief On September 29, 2023, China’s primary data protection regulator, the Cyberspace Administration of China (“CAC”), proposed new rules for cross-border data transfers from China (the “Draft Rules”). If implemented as written, the Draft Rules, which are currently subject to public comment through mid-October, will significantly roll back requirements for many US and multinational organizations. There is no specific deadline for adoption, but it is expected prior to November 30, 2023, which is the…

In Data Privacy

To Certify or Not to Certify: The EU-US Data Privacy Framework

September 29, 2023 by Elisabeth Dehareng, Brian Hengesbaugh and Cristina Messerschmidt 4 Mins Read

*Article originally posted on Law.com authored by Cassandre Coyer at LegalTech News.* This summer marked a key development in the history of data transfers between the U.S. and European Union when the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework after two prior invalidated agreements. But whether that milestone is translating to a wave of companies registering to get certified under the new framework is less apparent. Given the looming possibility of a Schrems…

In California Privacy Law

Key Takeaways from CPPA’s Public Meeting Discussing Risk Assessments and Cybersecurity Audits

September 26, 2023 by Garrett Stallins and Justine Phillips 3 Mins Read

As we previously covered in a post earlier this month, the California Privacy Protection Agency (“CPPA”) has published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). On September 8, the CPPA held a public board meeting that included discussion of select portions of the regulations. Prior to the meeting, the board circulated copies of the draft regulations for…

In Data Privacy

Swedish Data Protection Authority Establishes Art. 41 GDPR Accreditation Requirements

September 22, 2023 by Helena Engfeldt, William Höglund, Margarita Kozlov and Peder Oxhammar 2 Mins Read

According to Article 40.1 of the GDPR, the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, establishes the requirements that…

In Data Privacy

By the Dozen: Delaware Becomes the Twelfth US State to Enact Consumer Privacy Legislation

September 14, 2023 by Cynthia Cole and Helena Engfeldt 6 Mins Read

In Brief On September 11, 2023, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act (HB 154) into law, making Delaware the twelfth US state to pass a consumer privacy law (and the seventh in 2023 alone). Like Connecticut, Colorado and Indiana, Delaware’s new law occupies a middle ground between detailed privacy regimes like the California Consumer Privacy Act (CCPA, as modified by the California Privacy Rights Act) and more business-friendly mandates like…

In Data Privacy

Four Takeaways from the Washington State Attorney General’s Guidance on the My Health My Data Act

September 13, 2023 by Helena Engfeldt 3 Mins Read

Beyond the statutory text of the new Washington state My Health My Data Act, the Washington Attorney General has published Frequently Asked Questions (FAQs) and will update such FAQs periodically. Some of the FAQs provide insight into possible interpretations of the law’s provisions that are summarized below. For a broader overview of the My Health My Data Act, see here. 1. Businesses located outside of the state of Washington that only store data in Washington…

In Artificial Intelligence

First Look at California Privacy Protection Agency’s Proposed Regulations on Risk Assessments

September 1, 2023 by Cynthia Cole, Justine Phillips, Brittney Justice and Manisha Reddy 3 Mins Read

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CPPA will discuss the draft regulations at the upcoming public meeting on September 8, 2023. The draft regulations make clear that the CPPA has not yet begun formal rulemaking, and that the draft regulations are “intended to facilitate…

In California Privacy Law

Senate Bill 362 to Amend California Data Broker Law

August 30, 2023 by Lothar Determann, Helena Engfeldt, Michelle Shin and Jonathan Tam 3 Mins Read

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law may be significantly changed under a proposed bill. Under Senate Bill 362, the California Privacy Protection Agency (CPPA) would be required to set up, by January 1, 2026, an accessible deletion mechanism where consumers could request deletion via the CPPA that all data brokers then have to honor.…