On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act.
Continue Reading Texas Senate Passes Texas Data Privacy and Security Act
Data Controller
Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
On April 21, 2023, the Montana and Tennessee legislatures voted to enact comprehensive consumer privacy bills in their respective states. If signed by their governors, Montana’s Consumer Data Privacy Act (S.B. 384) and Tennessee’s Information Protection Act (H.B. 1181) could make these states the eighth and ninth U.S. states to enact comprehensive privacy legislation. …
Continue Reading Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
Washington Likely to Become First State to Enact a Comprehensive Health Privacy Law
On April 17, 2023, the Washington State House concurred to the Washington State Senate’s amendments to Washington State House Bill 1155, the My Health My Data Act, clearing the bill’s way to Governor Jay Inslee for a final signature. …
Continue Reading Washington Likely to Become First State to Enact a Comprehensive Health Privacy Law
Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law
On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. …
Continue Reading Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law
CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR). …
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
India Releases Fourth Draft of Data Protection Bill
Kochhar & Co. reports that, on November 18, 2022, the Government of India released the long-awaited fourth draft of India’s proposed privacy law, now renamed the Digital Personal Data Protection Bill. …
Continue Reading India Releases Fourth Draft of Data Protection Bill
Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection
SHIFT Counsellors at Law reports from Indonesia that The People’s Representative Council of the Republic of Indonesia has ratified Indonesia’s draft law on personal data protection. …
Continue Reading Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection
Danish DPA Declares Use of Google Analytics Unlawful Without Supplementary Measures
On September 21, 2022, Denmark’s data protection authority Datatilsynet announced its guidance that Google Analytics, Google’s audience measurement tool, is not compliant with the EU General Data Protection Regulation. …
Continue Reading Danish DPA Declares Use of Google Analytics Unlawful Without Supplementary Measures
Italian Garante Bans Google Analytics
On June 23, 2022, Italy’s data protection authority determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation, as the tool transfers personal data to the United States, which does not offer an adequate level of data protection. …
Continue Reading Italian Garante Bans Google Analytics
EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR
The European Data Protection Board recently adopted Guidelines 04/2022 on the calculation of administrative fines under the GDPR. This blog entry provides a summary of the Guidelines. …
Continue Reading EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR