While much has been written about the California Consumer Privacy Act (“CCPA”), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy legislation in […]
Peter Swire’s Op-ed: Schrems II Ruling Could Rupture Trans-Atlantic Data Flows
Prof. Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and Senior Counsel at Alston & Bird, recently published an opinion piece, first in French in Le Monde, and then in English in the European Law Blog, with the title “the US, China, and Case 311/18 on Standard Contractual […]
EU Ethics Guidelines For AI Are Just The Beginning
As previously discussed on the Alston & Bird Privacy Blog, the European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI. The Guidelines, although not legally binding, are important because they represent the first significant government-initiated effort to influence the use of […]
New York, Model Cybersecurity Law Influence Other States
In March 2017, New York’s path breaking cybersecurity law for financial services companies went into effect. Influenced by the New York law (“New York Part 500”), the National Association of Insurance Commissioners adopted an “insurance data security” model law 668 late in 2017. Today, in 2019, it is clear that model law 668 is indeed […]
Oregon Extends Data Breach Notification Obligations to Third Parties
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684 (SB 684). SB 684 amends the Oregon Consumer Identity Theft Protection Act (“OCITPA”) by extending data breach notification obligations to vendors and by broadening the definition of “personal information” to include information used to access an online account. SB684 extends breach […]