Earlier this year, The Retail Equation and Sephora were hit with a class action lawsuit in which the plaintiff claimed Sephora improperly shared consumer data with The Retail Equation without consumers’ knowledge or consent. On August 3, 2020, the plaintiff, now joined by others, amended her complaint to cast an even wider net.
Continue Reading Multiple Retailers Sued Under CCPA for Sharing Data Used to Identify Fraudulent Returns

On August 6, 2020, President Trump signed executive orders imposing new economic sanctions under the International Emergency Economic Powers Act and the National Emergencies Act against TikTok and WeChat. The orders potentially affect tens of millions of U.S. users of these applications and billions of users worldwide.
Continue Reading U.S. Government Takes Aim at TikTok and WeChat Citing Privacy and Security Concerns

On August 5, 2020, the French Data Protection Authority announced that it has levied a fine of €250,000 on a French online shoe retailer for various infringements of the GDPR. This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority in cooperation with other EU supervisory authorities.
Continue Reading CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

On August 10, 2020, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Wilbur Ross released a joint press statement following the ruling of the Court of Justice of the European Union in the Schrems II case.
Continue Reading European Commission and U.S. Department of Commerce to Discuss Enhanced EU-U.S. Privacy Shield Framework

On July 23, 2020, the UK Information Commissioner’s Office published the first two reports from its Data Protection Regulatory Sandbox Beta phase, which launched in September 2019 as a pilot and involves the assessment of ten products and services that use personal data in innovative ways.
Continue Reading UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot

On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid