In June of 2018, California passed the California Consumer Privacy Act (CCPA), which seeks to give consumers additional safeguards regarding their personal information. The CCPA will become effective January of 2020 and may impact companies in the education sector, including the larger education technology companies.
While the CCPA does not apply to nonprofit educational institutions, it may apply to certain … Continue Reading
With the deadline for a no-deal Brexit looming—the UK’s exit date from the European Union is now slated for April 12—companies certified to the EU-U.S. Privacy Shield should update their Privacy Shield privacy policies if they have not done so already to ensure that they are able to lawfully receive personal data from the UK post-Brexit.
The UK Information Commissioner’s … Continue Reading
The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline.
Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to … Continue Reading
This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). At first glance, it is clear that the drafters of the … Continue Reading
Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.”
In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed:
• What triggered the new law?
• What data is covered?
• What does CCPA require, and how do you start operationalizing the … Continue Reading
On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR). Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them.
Please … Continue Reading
Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies.
Within such inspections, Roskomnadzor assesses the compliance of the entity with Russian … Continue Reading
Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas. Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies … Continue Reading
On 7 February 2017, the Russian President signed into law a bill (link in Russian) introducing amendments to the Russian Code on Administrative Offences that increases the amount of the fines imposed for violating Russian data protection laws and differentiates the relevant offences’ types. The greatest increase raises maximum fines for certain violations from RUB 10,000 to 75,000 (approx. USD … Continue Reading
Last Wednesday, President Trump signed an immigration-related Executive Order (EO) titled “Enhancing Public Safety in the Interior of the United States” that, among other things, removed the ability of federal agencies to extend protections under the Privacy Act to anyone other than U.S. citizens or legal permanent residents. Some initial observers have suggested that this means that the … Continue Reading
At the end of 2016, territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2017 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including data localization. The inspection plans contain a number of prominent multi-national and Russian companies.
For instance, the inspection plan of Roskomnadzor’s territorial division for the Russian Central Region includes … Continue Reading
Ever since the first draft of the EU-US Privacy Shield framework was published in early 2016, groups opposed to the idea have indicated their intent to challenge the legality of the framework under EU law. Recently, the privacy advocacy group Digital Rights Ireland (DRI) made good on that promise. Following the filing of a formal complaint on 15 September asking … Continue Reading
In a case with major significance for foreign online businesses that do business in Russia, on Thursday, 10 November the Moscow City Court sustained a lower court ruling that granted the request of the Russian Data Protection Authority (Roskomnadzor) to block access to social network LinkedIn within Russian territory.
As we described in an earlier post, Roskomnadzor brought the … Continue Reading
On 12 July 2016, the European Commission issued its much awaited “adequacy decision” concerning the Privacy Shield framework for the transfer of personal data from the EU to the U.S. This adequacy decision is based on the latest version of the Privacy Shield, which was further negotiated and revised following the Article 29 Working Party’s April 2016 concerns with … Continue Reading
We last reported on Russia’s data localization law earlier this year when the Russian data protection authority, Roskomnadzor, released its inspection plan for 2016. Since then, Roskomnadzor has been conducting compliance inspections both according to the plan and in individual cases when it has reason to do so. The results of those inspections and recent comments by the Head … Continue Reading
EDITOR’S NOTE: We are excited to present this entry in our new TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT associates across our global offices and practice areas.
The February 29, 2016 announcement of the new … Continue Reading
On February 29, 2016, and after more than two years of negotiations with the U.S. Department of Commerce, the European Commission released its draft Decision on the adequacy of the new EU–U.S. Privacy Shield program, accompanied by new information on how the Program will work. The Privacy Shield documentation is significantly more detailed than that associated with its predecessor, the … Continue Reading
In mid-January, the territorial divisions of Russia’s Data Protection Authority, Roskomnadzor, uploaded their 2016 plans for conducting inspections of local companies’ compliance with Russia’s data localization requirements, and there are a number of prominent multi-national companies on the list.
For instance, the inspection plan of Roskomnadzor’s territorial division for the Russian Central Region (in Russian) contains a number of organizations … Continue Reading
We are now almost two months into the era of Russia’s Data Localization Law, which came into force on 1 September. While some expected immediate enforcement, the Russian Data protection Authority, Roskomnadzor, has not yet taken any action for a violation of data localization requirements. Last month, Roskomnadzor did take formal enforcement action to block a website and add … Continue Reading
The EU’s Article 29 Working Party issued a statement on Friday on the recent Schrems decision invalidating the adequacy of the EU-U.S. Safe Harbor framework, emphasizing that affected businesses should start to put in place legal and technical solutions in a timely manner to meet EU data protection standards. The statement gave a January 2016 deadline for companies to come … Continue Reading
On 6 October 2015, the Court of Justice of the European Union (CJEU) declared the EU-US Safe Harbor framework invalid as a mechanism to legitimize transfers of personal data from the EU to the US. This decision effectively leaves any organisation that relied on Safe Harbor exposed to claims that such data transfers are unlawful.
Safe Harbor was jointly devised … Continue Reading
Today, on 1 September, the Russian Data Localization Law came into force. So far there have been no unexpected developments or reports of any unplanned inspections by Roskomnadzor, the Russian Data Protection Authority. Existing planning documents, however, provide some predictability for organizations subject to the law about the schedule under which Roskomnadzor plans on conducting compliance inspections.
Roskomnadzor’s plan for … Continue Reading