Legislation

Governor Jerry Brown Signs Amendment to the California Consumer Privacy Act

Written by

On September 23, 2018, Governor Jerry Brown signed SB 1121, the amendment to the California Consumer Privacy Act (CCPA).  SB 1121 attempts to clean up some drafting errors and ambiguities in the original legislation (AB 375), but it also effectively reduces the procedural obstacles to the CCPA’s private right of action by removing the requirement that a plaintiff first notify the Attorney General before filing a lawsuit pursuant to the CCPA, which would have provided the Attorney General the opportunity to order a plaintiff not to proceed.  For a more in-depth analysis of the private right of […] Read more

India’s Draft Data Protection Bill: Another GDPR Around The Corner?

Written by

India recently introduced the Personal Data Protection Bill 2018 (“Bill”). The transfer of personal data in India is currently governed by the SPD Rules (Sensitive Personal Data and Information, 2011), which is however considered outdated and not fully protective of personal data. The Bill comes as a result of the country’s Supreme Court recent judgment that declared privacy a fundamental right of an individual. The Srikrishma Committee (“Committee”) was responsible for drafting the Bill and coined a legal framework that is aimed to shape the country’s digital agenda. The Committee […] Read more

An Update on the California Consumer Privacy Act and Its Private Right of Action

Written by

While it remains to be seen what the final text of the California Consumer Privacy Act (CCPA) looks like when it is ultimately implemented on January 1, 2020, at present it seems likely that businesses and employers can expect an influx of lawsuits from individual consumers proceeding under the CCPA’s private right of action.  Under the current version of the CCPA, the Act provides a private right of action for consumers whose personal information “is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and […] Read more

California Legislature Amends CCPA

Written by

Last Friday, the California Senate and Assembly passed SB-1121, amending the California Consumer Privacy Act (“CCPA”) as enacted in June. We previously issued an advisory following the June enactment, and will host a webinar discussing the law (as now amended) on September 12. This blog post highlights some of the key amendments to the CCPA. SB-1121 amends the CCPA as follows: Exemptions for Health Providers. The bill clarifies that the CCPA does not apply to protected health information (“PHI”) or medical information governed by the Health Insurance Portability and Accountability […] Read more

Alston & Bird Hosts Sept. 12 Webinar on California Consumer Privacy Act

Written by

Save the date! On Sept. 12, 1 – 2 PM ET, Alston & Bird will host a webinar to analyze the new California Consumer Privacy Act. (You can read our prior advisory.) The California Consumer Privacy Act has been compared to the European Union’s General Data Protection Regulation due to its creation of important new privacy rights likely to require significant compliance activity by many companies. Partners Jim Harvey, David Keating, and Senior Counsel Peter Swire will lead discussion of this comprehensive new legislation currently slated to enter into force in less than 18 months.   Registration [...] Read more

Landmark New Privacy Law in California to Challenge Businesses Nationwide

Written by

Following our June 4 and July 2, 2018 blog posts tracking California's November 2018 ballot measure turned hastily enacted new California privacy law titled The California Consumer Privacy Act of 2018 (CCPA), Alston & Bird's Privacy & Data Security Group released a more detailed "first look" review of California’s sweeping new law.  The advisory provides an overview of the new law, which establishes an array of privacy rights for state residents and worries for businesses nationwide, and concludes with key initial takeaways for business. Read the advisory here. [...] Read more

California Approves the California Consumer Privacy Act in Response to Consumer Privacy Ballot Initiative

Written by

As discussed in this blog’s June 4, 2018 blog post, a group called Californians for Consumer Privacy gathered enough signatures for a new measure called the Consumer Right to Privacy Act to qualify for the November 2018 ballot.  With momentum building for passage of that ballot measure, various stakeholders met with California legislators to devise a bill that could be passed in place of the measure (and to the satisfaction of the measure’s backers).  The legislature and governor had until last Thursday, June 28 – the deadline for the measure’s backers to remove it from the November’s [...] Read more

GDPR Fragmentation May Appear More Significant than Intended

Written by

With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in several areas, for instance to introduce specific conditions or limitations for the processing of biometric, genetic, or health data; to create specific protection regimes for employee data; or to restrict the rights the GDPR grants to individuals. [...] Read more

Vermont Passes New Data Broker Law

Written by

Under a Vermont law, data brokers that process information regarding Vermont residents are now subject to registration and security requirements beginning January 1, 2019. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data broker security breaches. Definition of a “Data Broker” The law takes a technology-neutral approach to its definition of a “data broker,” instead defining the term based on the normal functions of the business. The statute [...] Read more

The CLOUD Act and its Impact on Cross-Border Access to the Contents of Communications

Written by and

On Friday morning, March 23, President Trump signed the $1.3 trillion omnibus spending bill into law, including the Clarifying Lawful Overseas Use of Data (CLOUD) Act, and in doing so established a sea change in the rules for cross-border government access to the contents of electronic communications. The CLOUD Act consists of three core components: (1) resolving the main issue in the Microsoft Ireland case pending before the U.S. Supreme Court, (2) providing a process for entities to request a comity analysis for potential conflicts with non-U.S. legal obligations, and (3) removing legal barriers [...] Read more