Data Privacy

Subscribe to Data Privacy

On July 10, the European Commission (EC) published its data adequacy decision for the new EU-U.S. Data Privacy Framework (EU-U.S. DPF).  This means that companies can transfer personal data from EU countries and from Iceland, Liechtenstein and Norway to U.S. organizations participating in the EU-U.S. DPF consistent with EU law. It is also expected that

This week, the California Superior Court ruled that the California Privacy Protection Agency (CPPA) cannot begin enforcement of the California Privacy Rights Act (CPRA) until March 2024. The ruling stems from a lawsuit filed by the California Chamber of Commerce which argued that state businesses would not have enough time to prepare for the upcoming

The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies in the event of a data breach.

The Act requires state agencies and municipalities to notify the State Police of an incident

Tennessee, Montana, Iowa, and Indiana have each recently passed a consumer privacy statute in recent weeks. These laws follow the same trend started by California’s Consumer Privacy Act by granting consumers the right to know whether a company is processing their data; the right to access that data, obtain a copy, and to have it

The New York City Department of Consumer and Worker Protection will delay enforcement of Local Law 144, until April 15, 2023. The law requires companies operating in the City to audit automated employment decision tools for bias prior to use, and to post these audit reports publicly. The bill would also require that companies notify

Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than

A recent study found that some data brokers are selling highly sensitive data relating to consumers’ mental health conditions on the open market with minimal vetting of their customers and few controls on how these purchasers use the data. The study, conducted by a researcher at Duke University’s Technology Policy Lab, found that 11 out

The California Privacy Protection Agency (CPPA) Board will hold its third public hearing on February 3, 2023, at 10 am PST.

The meeting will open with the Chairperson’s Update, during which CPPA Chairperson Jennifer Urban will likely address the status of the delayed California Privacy Rights Act (CPRA) regulations. Chairperson Urban is also a

Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy Protection Agency (CPPA), responsible

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure