Regulatory Enforcement

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

September 23, 2020 By Daniel Felz and Privacy, Cyber & Data Strategy Team

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law. AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic. In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]

EDPB Emphasizes Joint Controllership between Social Media Providers and ‘Targeters’ in Draft Guidance

September 10, 2020 By Paul Greaves

On September 7, 2020, the European Data Protection Board (‘EDPB’) published its draft guidelines on targeting of social media users (the ‘Guidelines’). The EDPB is accepting feedback from stakeholders on the Guidelines until October 19, 2020. The Guidelines not only provide guidance on the obligations of social media providers (‘Providers’) under the EU General Data […]

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

August 26, 2020 By Daniel Felz and Paul Greaves

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment (which we have previously covered here). This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the […]

EU DPAs Announce Post-Schrems Enforcement Plans

July 16, 2020 By Daniel Felz

Today, the European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past. A number […]