Regulatory Enforcement

Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses

July 16, 2020 By Paul Greaves and Wim Nauwelaerts

Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]

California AG Publishes Final CCPA Regulations, Seeks Possible July 1 Effective Date

June 4, 2020 By Daniel Felz

Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office). The AG’s Office released an initial draft of the CCPA Regulations in October 2019, prompting over 3,000 pages of public comment (read […]

COVID-19 Is Not A Free Pass For Privacy And Security Compliance

April 21, 2020 By Privacy, Cyber & Data Strategy Team

In the wake of stay-at-home orders stemming from the COVID-19 pandemic, companies have rushed to provide work-from-home options for many, if not all, of their employees. As exigency fades into the new normal, however, the California Attorney General and New York’s Department of Financial Services (NYDFS) – two key privacy and security regulators – have […]

Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

February 6, 2019 By Daniel Felz

As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]

FTC Publishes Report Regarding Privacy Workshop

November 9, 2018 By Gavin Reinke

In October 2018, the Federal Trade Commission (“FTC”) published a report that summarized discussions at a December 2017 workshop discussing the potential impact to consumers of privacy and security incidents. The purpose of the workshop was to explore whether government intervention in this arena is warranted under the enforcement authority granted to the FTC under […]