Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

The European Data Protection Board releases recommendations on supplementary measures following the Schrems II decision

On 11 November 2020, the European Data Protection Board (EDPB) released recommendations on supplementary measures for international transfers (here) and recommendations on the European Essential Guarantees for surveillance measures (here), following the Schrems II decision (see our previous blog here). As a result of the Schrems II decision, data exporters who use certain transfer mechanisms as an appropriate … Continue Reading

CPRA: The next frontier in (California) privacy

Before the dust has even settled on many California Consumer Privacy Act (CCPA) compliance projects, California voters have welcomed the future of privacy by overwhelmingly approving Proposition 24: The California Privacy Rights Act (CPRA).  Building off of the CCPA framework, the CPRA expands the rights of California consumers, adds new responsibilities for both business and … Continue Reading

Comparing legal privilege when dealing with privacy issues in England and Wales and the United States

The protection afforded by attorney-client privilege brings about a candid conversation between lawyers and clients. Privilege can attach to communications covering a variety of topics, from responding to a data subject access request (DSAR) to handling a security incident or managing complex and time consuming investigations on a multinational scale. Different privilege rules may apply … Continue Reading

ICO releases updated guidance on data subjects’ right of access

On 21 October 2020, almost a year after the UK’s Information Commissioner Office (ICO) provided draft guidance on the right of access, the ICO published its updated guidance on data subject access requests (DSARs), available here (Guidance). In a previous post available here, we covered what DSARs are and the principles areas of focus of … Continue Reading

EDPB finalises guidelines on Data Protection by Design and by Default

On 20 October 2020, the European Data Protection Board (EDPB) met for its 40th plenary session. During the session, the EDPB adopted final guidelines on Data Protection by Design and by Default (DPbDD) (available here) (the guidelines). See our blog post on the draft DPbDD guidelines, available here. As a quick reminder, the obligation to … Continue Reading

Nevada Attorney General Aaron Ford talks to Reed Smith about Nevada’s new data privacy law, consumer protection, and data breaches

In a recent Q&A with Nevada Attorney General (AG) Aaron Ford, the first term AG discusses Nevada’s new data privacy law (Senate Bill 220), which provides consumers with a right to opt out of the sale of their data. AG Ford also outlines his perspective on federal privacy law and his office’s data breach enforcement … Continue Reading

European Commission implements interoperable gateway for COVID-19 contact tracing and warning apps

Following a previous European Commission recommendation to support the gradual lifting of coronavirus (COVID-19) restrictions through mobile data and apps, on 19 October 2020, the European Commission has set up an EU-wide system for the interoperability of track and trace apps. Background National contact tracing and warning apps can play a key role in all … Continue Reading

EDPB releases guidelines on relevant and reasoned objection

On 8 October 2020, the European Data Protection Board (EDPB) published new guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR). The guidelines cover the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which supervisory authorities have a duty to exchange all relevant information with each … Continue Reading

Is the third time the charm for the Washington Privacy Act?

On September 9, Senator Reuven Carlyle (D-WA) presented an updated draft of the Washington Privacy Act (WPA), suggesting that the WPA will be up for consideration in Washington State’s 2021 legislative session. The next legislative session is scheduled to convene on January 11, 2021, at which point the fate of the WPA will again be in the … Continue Reading

EDPB releases draft guidelines on the targeting of social media users

In September 2020, the European Data Protection Board (EDPB) released new guidelines on the targeting of social media users (Guidelines) for consultation. Background The Guidelines address the privacy risks and legal issues that arise when social media services are used to direct specific messages to users based on particular criteria, such as the users’ perceived … Continue Reading

Singapore’s amended Personal Data Protection Act to come into force before year end

The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020 The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory … Continue Reading

Federal judge dismisses data-related antitrust claims in hiQ Labs, Inc. v. LinkedIn Corp.

On September 9, a federal judge in California dismissed claims brought by hiQ Labs, Inc. (hiQ) against LinkedIn Corp. (LinkedIn) that alleged that LinkedIn’s attempts to prevent hiQ from accessing public information on its website violated various antitrust laws. In an opinion that will continue to fuel debate over the relationship between antitrust and privacy, … Continue Reading

Illinois Attorney General Kwame Raoul talks to Reed Smith about consumer privacy, biometrics, and data breaches

In a recent Q&A with Illinois Attorney General Kwame Raoul, the first term AG discusses potential changes to data breach laws in Illinois and whether his state could implement a privacy statue similar to the California Consumer Privacy Act (CCPA), the effectiveness of federal data breach legislation, and reasonable steps that businesses could take to … Continue Reading

New DIFC Data Protection Law on the way…Are you ready?

The Dubai International Financial Centre (DIFC) enacted the DIFC Data Protection Law No. 5 of 2020 (the DP Law) July 1, 2020. The DP Law has been designed primarily to bring DIFC’s data protection legal regime in line with international best practices in data privacy laws, in particular the General Data Protection Regulation (GDPR), which … Continue Reading

The UK’s Supervisory Authority releases its Accountability Framework

The UK’s Information Commissioner’s Office (“ICO”) published earlier this month its Accountability Framework, available here. The Accountability Framework is designed to assist companies demonstrate compliance with their accountability obligation under the General Data Protection Regulation (“GDPR”) and assess whether their current measures meet the ICO’s expectations. The Accountability Framework consists of ten categories where the … Continue Reading

Recent developments concerning Brazil’s General Data Protection Law

In August 2018, Brazil passed its General Data Protection Law (LGPD), which could become effective as soon as September 16, 2020. Now is the time for organizations that collect personal data of individuals in Brazil or process personal data in Brazil to assess their processing activities and consider how to comply with the new law, … Continue Reading

Highest German Court invalidates Section 113 of the German Telecommunications Act and abandons service providers’ obligation to grant authorities access to subscriber data

On May 27, 2020, the German Federal Constitutional Court invalidated section 113 of the German Telecommunications Act (TKG) and several accompanying federal law provisions for non-compliance with the German Constitution (case nos. 1 BvR 1873/13 and 1 BvR 2618/13). On July 17, 2020, the Federal Constitutional Court published the fully reasoned judgment as well as a press release outlining the … Continue Reading

Schrems II: It is not all bad news for international data transfers

The Court of Justice of the European Union (CJEU) handed down its judgment on a case brought by privacy rights activist, Max Schrems (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) (Schrems II) yesterday, July 16, 2020. The case concerned the transfer of personal data to recipients in the United States via the EU … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2020 Edition)

The Summer 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Access rights vs. data backup Cookie update: Planet49 and cookie walls Double opt-in required under GDPR Update on influencer advertisement German Supreme Court: … Continue Reading

CCPA enforcement letters sent; Supervising Deputy Attorney General offers insight

Although the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, the California Attorney General (AG) was not authorized to begin enforcement until July 1, 2020.  With the pandemic and the delay in finalizing the regulations, it was unclear how or when AG enforcement would begin.  Any such confusion can be dispelled, … Continue Reading

Changes coming to Singapore’s data protection law

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA). On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA. The proposed changes are significant. Key … Continue Reading

Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong. In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 … Continue Reading

Notice and consent requirements for security footage and biometric data collection

It is natural for businesses to be concerned about the security of their premises and to explore new technologies that can help mitigate health and safety risks related to that security. As retailers get back to business in the United States, the laws implicating biometrics and the increase in use cases for biometric technologies have … Continue Reading

ICO issues guidance for organisations amid coronavirus recovery

On 12 June 2020, the UK’s Information Commissioner’s Office (ICO) issued new guidance for organisations on the coronavirus (COVID-19) recovery phase (Guidance). The Guidance (available here) forms part of the ICO’s wider data protection and coronavirus information hub (available here) which aims to help organisations navigate data protection during this unprecedented time. The new Guidance … Continue Reading
LexBlog