Yesterday, California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. The ballot initiative significantly revises the existing California Consumer Privacy Act to create arguably the most comprehensive state privacy law in the United States. Alston & Bird has now issued a client alert explaining key impacts of this law. The […]
Legislation
EDPB publishes draft guidelines on the concepts of controller and processor
The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor for public consultation. While its predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns have been raised since the entry into force […]
California Passes Bill Extending Exemptions for Employment and Business-to-Business Information Under the CCPA
On Friday, August 28, the California state legislature passed Assembly Bill 1281 (“AB 1281”), potentially extending until January 1, 2022 the partial exemptions for employment and business-to-business data under the California Consumer Privacy Act (the “CCPA”). AB 1281 only takes effect if the California Privacy Rights Act of 2020 (the “CPRA”), an initiative to amend […]
Final CCPA Regulations Approved, Effective Immediately
On Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) Final CCPA Regulations (the “Regulations”) and filed them with California Secretary of State. The Regulations became effective immediately. The OAL-approved Regulations contain several modifications from prior versions. While many of the changes are purely […]
EDPB Guidance on the Schrems II Ruling: An Early Response to the Cry for Clarity
(This blog post summarizes Wim Nauwelaerts’ (Alston & Bird), Early EDPB Guidance in the Wake of Schrems II – Where E.U.-U.S. Data Transfers Are Headed, Cybersecurity Law Report, Aug. 5, 2020) On July 23, 2020, the European Data Protection Board (EDPB) adopted its first set of guidelines on the Schrems II judgment of the Court […]