Big Data

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

September 23, 2020 By Aaron Wasser and Daniel Felz

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law. AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic. In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]

UK ICO publishes the final version of its Age Appropriate Design Code

February 6, 2020 By Paul Greaves and Wim Nauwelaerts

On January 21, 2020, the UK ICO published the final version of its Age Appropriate Design Code (the “Design Code”), which sets out 15 standards that online services should meet to protect children’s privacy. The Design Code is not only applicable to online services squarely aimed at children, but also covers online services likely to […]

The Coming Regulation of Artificial Intelligence? EU Publishes AI Guidelines

April 16, 2019 By Scott Kitchens

The European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI (the “Guidelines”). This is the first significant guidance issued in Europe regarding Artificial Intelligence and follows an extensive public comment process. While the Guidelines are not binding law, the creation of the […]

Vermont Passes New Data Broker Law

June 14, 2018 By Privacy & Data Security Team

Under a Vermont law, data brokers that process information regarding Vermont residents are now subject to registration and security requirements beginning January 1, 2019. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data […]

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

May 30, 2018 By Daniel Felz

The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]