Five U.S. states will enact new privacy laws in 2023 which may have a significant impact on companies which operate in each respective state. California will be amending an existing law, while Colorado, Connecticut, Utah and Virginia will be introducing new laws. As these laws will also effect companies located outside of the respective states,
Data Security & Privacy
Latest from Data Security & Privacy
Austrian Data Protection Authority Finds Website Use of Google Analytics Violates GDPR
On December 22, 2021, the Austrian Data Protection Authority (DSB) found that medical news company, NetDoktor, violated Europe’s General Data Protection Regulation (GDPR) by using Google LLC’s popular data analytics platform, Google Analytics (GA), on its website, which resulted in the transfer of personal information from Europe to Google’s servers located in the United States…
Data Privacy and Security Concerns With Rise of Online Betting, Gaming
As of January 8, 2022, New York State joined the ranks of more than a dozen states that have legalized online and mobile sports betting since the U.S. Supreme Court’s 2018 decision in Murphy v. National Collegiate Athletic Association, which struck down the Professional and Amateur Sports Protection Act also known as the Bradley Act. …
Canada Proposes New Privacy Bill
On November 17, 2020, Canada’s Minister of Innovation, Science and Industry introduced the proposed Digital Charter Implementation Act (DCIA or “Act”), new legislation from the Liberal Party of Canada that could dramatically alter how the country regulates consumer data.[1] The Act, which will likely extend to businesses outside of Canada, aims to “significantly increase…
Swiss-U.S. Privacy Shield Invalidated by Swiss Commissioner
The Schrems II decision, issued on July 16, 2020, continues to impact the ability of organizations to transfer personal data from the European Economic Area to the United States. The effects of the decision are now felt in Switzerland as the Federal Data Protection and Information Commissioner (FDPIC) addressed the issue on September 8, 2020.…
European Parliament Committee Discusses the Future of EEA-U.S. Data Flows
On September 3, 2020, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) held a meeting to discuss the Schrems II decision and the future of personal data transfers between the European Economic Area (EEA) and the U.S.[1]
Justice Didier Reynders, the EU Commissioner for Justice, stated that conversations with…
EDPB Establishes and Appoints Task Forces to Prepare Recommendations and Review Complaints Following the Schrems II Decision
On September 4, 2020, the European Data Protection Board (EDPB) announced that it had created two task forces following the Schrems II decision.[1] The first task force will prepare recommendations to support controllers and processors regarding their duties in “identifying and implementing” appropriate measures to meet the required standard when transferring data to third…
EDPB Issues Draft of GDPR Controller-Processor Guidelines
On September 7, 2020, the European Data Protection Board (EDPB) issued draft guidelines clarifying the concepts of “controller,” “joint controller,” “processor” and “third party” under the General Data Protection Regulation (GDPR). These concepts are important under the GDPR, as they determine which party is responsible for compliance with particular GDPR provisions and how data subjects…
The Department of Commerce Continues Efforts to Address Cross-Border Data Transfers Under the GDPR After the Invalidation of the Privacy Shield
U.S. Department of Commerce and European Commission Release Joint Press Statement
On August 10, 2020, the U.S. Secretary of Commerce, Wilbur Ross, and the European Commissioner for Justice, Didier Reynders, released a Joint Press Statement (“Press Statement”) regarding the status of Privacy Shield discussions in light of the Schrems II decision. The Schrems II decision…
European High Court Invalidates Privacy Shield, but Upholds Standard Contractual Clauses for International Data Transfers Under the GDPR
The General Data Protection Regulation (GDPR), Europe’s restrictive data protection law, permits the transfer of personal data from the European Economic Area1 (EEA) to other countries only under limited circumstances. On July 16, 2020, the Court of Justice of the European Union (CJEU or Court) issued a highly anticipated decision in a case brought…