On March 21, 2017, New York Attorney General (NYAG) Eric T. Schneiderman announced that his office had received a record breaking 1,282 data breach notices to his office affecting 1.6 million New York residents during 2016. Compared to 2015, these figures represent a 60 percent increase in the number of notices and a 300 percent […]
Uncategorized
What Will Trump’s Executive Order Do to U.S. Privacy Law and EU-U.S. Data Transfers?
On the third day of his presidency, President Trump signed an immigration-related executive order raising significant questions about the future of U.S. privacy law and EU-U.S. data transfers. The order, titled “Enhancing Public Safety in the Interior of the United States” (“Executive Order”), directs agencies to “ensure that their privacy policies exclude persons who are […]
Spanish DPA Issues GDPR Guidelines
On January 26, 2017, the Spanish data protection authority (“AEPD”) published three guidance papers on the implementation of the general data protection regulation (“GDPR”). Although the guidance is primarily directed at small and medium-sized companies, it gives a snapshot on how the AEPD reads the GDPR and is thus relevant for all companies having operations […]
AG Empowers EU Privacy Suits with Redress Act Designations
Earlier this week, the U.S. Attorney General designated 26 countries and the European Union as “covered countr[ies]” under the Judicial Redress Act. The Attorney General has simultaneously designated 13 “Federal agenc[ies] or component[s]” under the Act. These designations enable citizens of the “covered countr[ies]” to sue and seek remedies in U.S. court if one of […]
WP29 Issues Guidance on the Right to Data Portability under the GDPR
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (“GDPR”). This is part two of a three-part Alston & Bird series evaluating WP29’s positions, and relates to the Right of Data Portability for data subjects and its obligations for data controllers. Part 1 deals […]