Privacy

Washington Privacy Act Passes State Senate Laying Pathway for the Bill to Become the Second Comprehensive State Privacy Act

Written by

On March 6, the Washington state Senate voted 46-1 to approve the Washington Privacy Act (WPA or the Act), otherwise known as SB 5376.  If the bill passes the House, the bill would become the second comprehensive state privacy legislation behind the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020.  The bill would provide consumer rights, impose obligations on businesses collecting and selling personal information, and create an office of privacy and data protection to interface with state agencies on data privacy and data protection policy matters.  The bill draws […] Read more

Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action

Written by

On February 25, California's Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA).  The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches.  The amendment, known as SB-561, would expand the private right of action to cover any violation of a consumer’s rights under the CCPA.  This would materially increase the risk to businesses of class action litigation from failures to comply with the privacy standards in the new law. The amendment [...] Read more

Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Written by

As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data.  One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users.  The amount of the Google fine startled many companies, but with time the shock faded.  Google was seen as a special case, and a number of companies began to presume that, while scrutiny of targeted online marketing may pick up, “we’re not […] Read more

Illinois Supreme Court Empowers Claims Under Biometric Information Privacy Act

Written by

In an opinion issued Friday, the Illinois Supreme Court handed a potentially significant victory to plaintiffs advancing claims under Illinois’ Biometric Information Privacy Act and seeking statutory damages under that law. The Court held that plaintiffs do not need to assert injury or harm outside of a relevant violation of the statute itself in order to bring claims and seek statutory damages for relevant violations of the statute. Friday’s decision represents a potentially significant victory for members of the class action plaintiffs’ bar seeking to bring claims under the law. Illinois’s […] Read more

EU and Japan Publish a Joint Release on Their Mutual Adequacy Decisions

Written by

On January 23, 2019, the Personal Information Protection Commission of Japan (the “PPC”) and the European Commission (the “Commission”) jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent. The Commission launched the process leading to the adoption of the adequacy decision in September 2018 and successfully completed the process by obtaining the green light from a committee composed of representatives of the European Union (“EU”) Member States.  In parallel, the PPC adopted a decision to designate the EU as equivalent […] Read more

Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects

Written by

The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy protections. This article, the first of two parts, primarily focuses on the history of federal privacy legislation. Swire looks at the arguments for and against a general federal privacy law in light of the historical trends of federal privacy legislation […] Read more

Rich Willis and Laura K. Song share insights on the challenges data localization poses for the payments industry via Bloomberg BNA

Written by

Rich Willis, partner in the Financial Services & Products Group, and Laura K. Song, associate in the Privacy & Data Security Team, co-authored the Bloomberg BNA article “Data Localization Poses Challenges for Payments Industry and Innovation.” In the article, Willis and Song discuss the different jurisdictional approaches to data localization and the impacts faced by those in the payments industry. With the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA), data privacy has been the focus of recent attention but the article addresses why [...] Read more

Alston & Bird Hosts John Frank of Microsoft to Kick Off IAPP Europe Data Protection Congress 2018

Written by

Alston & Bird’s annual event to kick off the IAPP Europe Data Protection Congress 2018 featured a fireside chat with John Frank, Vice-President, EU Government Affairs at Microsoft. Moderated by Peter Swire, Senior Counsel at Alston & Bird, the discussion provided practical insights into areas that are expected to shape privacy and data protection around the world. Mr. Frank also discussed Microsoft’s approach to global compliance amidst a wide array of privacy and data protection laws and regulations. John Frank John Frank leads Microsoft’s government affairs teams in Brussels […] Read more

FTC Publishes Report Regarding Privacy Workshop

Written by

In October 2018, the Federal Trade Commission (“FTC”) published a report that summarized discussions at a December 2017 workshop discussing the potential impact to consumers of privacy and security incidents. The purpose of the workshop was to explore whether government intervention in this arena is warranted under the enforcement authority granted to the FTC under the FTC Act, 15 U.S.C. § 41 et seq. The report reveals that the workshop participants identified several types of potential impacts that they believe consumers may face in the wake of a data security incident that could warrant [...] Read more

Alston & Bird Issues Advisory on Applying GDPR Experience to CCPA Implementation

Written by

Alston & Bird recently issued an advisory entitled, “Applying GDPR Process Lessons to the CCPA,” authored by Jim Harvey and Karen Sanzaro. The recently and hastily adopted California Consumer Privacy Act of 2018 (CCPA) has already been compared to the General Data Protection Act (GDPR), though the two greatly differ in scope and content.  However, there are valuable insights to glean from the GDPR adoption process that can give companies a heads start on implementing the CCPA. The advisory examines these five lessons from which companies can learn: Leadership and multidisciplinary [...] Read more