As we previously reported, significant data privacy bills, titled the Consumer Data Protection Act, are working their way through the Virginia legislature. If enacted, Virginia would be the second state to enact major data privacy legislation of general applicability.
Continue Reading Virginia Moves Closer to Be the Second State to Enact Major Privacy Legislation
Consumer Protection
EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
On February 10, 2021, the European Data Protection Supervisor published two opinions on the European Commission’s proposals for a Digital Services Act and a Digital Markets Act. The two proposals are part of a set of measures announced in the 2020 European Strategy for Data and have two main goals: (1) creating a safer digital space in which the fundamental rights of all users of digital services are protected, and (2) establishing a level playing field to foster innovation, growth and competitiveness in the European Single Market and globally.…
Continue Reading EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
Will Virginia Be the Second State to Enact Major Privacy Legislation?
On February 5, 2021, the state Senate of Virginia voted unanimously to approve Senate Bill 1392, titled the Consumer Data Protection Act, after the House of Delegates approved an identical House bill by an 89-9 vote.…
Continue Reading Will Virginia Be the Second State to Enact Major Privacy Legislation?
EU Member States Agree on Council’s Text for the ePrivacy Regulation
On February 10, 2021, representatives of the EU Member States reached an agreement on the Council of the European Union’s negotiating mandate for the draft ePrivacy Regulation, which will replace the current ePrivacy Directive. The text approved by the EU Member States was prepared under Portugal’s Presidency and will form the basis of the Council’s negotiations with the European Parliament on the final terms of the ePrivacy Regulation.…
Continue Reading EU Member States Agree on Council’s Text for the ePrivacy Regulation
CIPL Submits Response to European Commission’s Proposal for a Regulation on European Data Governance
On February 5, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the European Commission’s public consultation on the Commission’s Proposal for a Regulation on European Data Governance. This proposal is the first set of initiatives announced under the broader European Data Strategy. …
Continue Reading CIPL Submits Response to European Commission’s Proposal for a Regulation on European Data Governance
Brazilian Data Protection Authority Publishes Regulatory Strategy for 2021 – 2023
On January 28, 2021, international Data Privacy Day, the newly formed Brazilian data protection authority published its regulatory strategy for 2021-2023 and work plan for 2021-2022 (in Portuguese). This post includes an overview of both strategies, as well as details about the newly formed authority.…
Continue Reading Brazilian Data Protection Authority Publishes Regulatory Strategy for 2021 – 2023
CNIL Calls Organizations to Audit their Sites and Apps for Cookie Compliance
On February 4, 2021, the French Data Protection Authority announced that it sent letters and emails to approximately 300 organizations, both private and public, to remind them of the new cookie law rules and the need to audit their sites and apps to comply with those rules by March 31, 2021. …
Continue Reading CNIL Calls Organizations to Audit their Sites and Apps for Cookie Compliance
CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
On January 27, 2021, the French Data Protection Authority announced that it imposed a fine of 150,000 Euros on a data controller, and a fine of 75,000 Euros on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website of the data controller. The CNIL decided not to make its decisions public, thereby not disclosing the name of the companies sanctioned.…
Continue Reading CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
UK Case Tests the Territorial Application of the GDPR to U.S. Run Website
The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.…
Continue Reading UK Case Tests the Territorial Application of the GDPR to U.S. Run Website
Biden Designates Acting FTC Chair
On January 21, 2021, President Biden designated Rebecca Kelly Slaughter as Acting Chair of the Federal Trade Commission. …
Continue Reading Biden Designates Acting FTC Chair