Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization. On this blog, we have outlined the items we have seen as particularly time- or […]
Privacy & Cyber Regulatory Enforcement
Supreme Court Recognizes Reasonable Expectation of Privacy in Historical Cell-Site Location Information
The Supreme Court recently held in Carpenter v. United States that an individual has a reasonable expectation of privacy in historical cell-site location information (CSLI) that provides a comprehensive view of the individual’s movement. A 5-4 decision, Carpenter marks a significant development for both the third-party doctrine and in the privacy space more generally. Carpenter […]
GDPR Fragmentation May Appear More Significant than Intended
With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in […]
Privacy Activist Challenges Data Collection for Internet Businesses
Austrian privacy activist Max Schrems’ organization, NOYB – Center for Digital Rights, filed complaints against Google (Android), Instagram, WhatsApp and Facebook on May 25th, the same day on which the EU General Data Protection Regulation (GDPR) became effective. NOYB filed the complaints based on the GDPR with supervisory authorities in France, Belgium, Germany and Austria. […]
Chicago City Council Considers Data Collection and Protection Legislation
Unique and detailed data protection legislation is currently under consideration by the Chicago City Council. If passed in its current form, the Data Collection and Protection Ordinance (the “Ordinance”) would impose consent, notification, and registration obligations on regulated companies, as well as require a prescribed notice to users of location services on mobile devices and […]