Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]
Board Governance & Cyber Risk Management
SEC’s OCIE Issues Ransomware Risk Alert
On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just SEC registrants to monitor CISA […]
California Privacy Rights Act (CPRA) Will be on November Ballot
The California Secretary of State has announced that the California Privacy Rights Act (CPRA) will be on California’s November 3, 2020 ballot. If approved by California voters, the CPRA would significantly update and amend the California Consumer Privacy Act (CCPA) that went into effect at the beginning of this year. The organization that submitted the […]
California AG Publishes Final CCPA Regulations, Seeks Possible July 1 Effective Date
Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office). The AG’s Office released an initial draft of the CCPA Regulations in October 2019, prompting over 3,000 pages of public comment (read […]
European Data Protection Board Clarifies Guidelines on Consent to Address ‘Cookie Walls’ and ‘Scroll-to-Accept’ Practices
On May 4, 2020, the European Data Protection Board (‘EDPB’) adopted updated guidelines on the meaning of ‘consent’ under the EU’s General Data Protection Regulation (‘GDPR’). The two key changes clarify that: Websites and other services may not use ‘cookie walls’, as these do not permit valid consent to be collected. ‘Cookie walls’ require the […]