Today, Virginia’s Governor, Ralph Northam, signed the Consumer Data Protection Act into law without any further amendments. In addition to California, Virginia is now the second state to enact major privacy legislation of general applicability in the U.S.
Continue Reading Virginia Becomes the Second U.S. State to Enact Major Privacy Legislation
GDPR
Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities
The concept of regulatory sandboxes has gained traction in the data protection community. Since the UK Information Commissioner’s Office completed its pilot program of regulatory sandboxes in September 2020, two European Data Protection Authorities have created their own sandbox initiatives following the ICO’s framework.…
Continue Reading Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities
CIPL Hosts Webinar on China’s Data Protection Landscape
On February 23, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth hosted a webinar on China’s Data Privacy Landscape and Upcoming Legislation. …
Continue Reading CIPL Hosts Webinar on China’s Data Protection Landscape
Hunton Partner Dora Luo Publishes “China: The Draft PIPL and the GDPR – A Comparative Perspective”
In the February 2021 issue of the “Data Protection Leader,” Hunton partner Dora Luo discusses China’s draft Personal Information Protection Law in the context of other comprehensive data protection frameworks, such as the EU General Data Protection Regulation. This post includes a link to download the full article.…
Continue Reading Hunton Partner Dora Luo Publishes “China: The Draft PIPL and the GDPR – A Comparative Perspective”
Virginia Moves Closer to Be the Second State to Enact Major Privacy Legislation
As we previously reported, significant data privacy bills, titled the Consumer Data Protection Act, are working their way through the Virginia legislature. If enacted, Virginia would be the second state to enact major data privacy legislation of general applicability. …
Continue Reading Virginia Moves Closer to Be the Second State to Enact Major Privacy Legislation
European Commission Publishes Draft UK Data Transfer Adequacy Determination
On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.…
Continue Reading European Commission Publishes Draft UK Data Transfer Adequacy Determination
EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
On February 10, 2021, the European Data Protection Supervisor published two opinions on the European Commission’s proposals for a Digital Services Act and a Digital Markets Act. The two proposals are part of a set of measures announced in the 2020 European Strategy for Data and have two main goals: (1) creating a safer digital space in which the fundamental rights of all users of digital services are protected, and (2) establishing a level playing field to foster innovation, growth and competitiveness in the European Single Market and globally.…
Continue Reading EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
Will Virginia Be the Second State to Enact Major Privacy Legislation?
On February 5, 2021, the state Senate of Virginia voted unanimously to approve Senate Bill 1392, titled the Consumer Data Protection Act, after the House of Delegates approved an identical House bill by an 89-9 vote.…
Continue Reading Will Virginia Be the Second State to Enact Major Privacy Legislation?
CIPL Submits Response to European Commission’s Proposal for a Regulation on European Data Governance
On February 5, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the European Commission’s public consultation on the Commission’s Proposal for a Regulation on European Data Governance. This proposal is the first set of initiatives announced under the broader European Data Strategy. …
Continue Reading CIPL Submits Response to European Commission’s Proposal for a Regulation on European Data Governance
CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
On January 27, 2021, the French Data Protection Authority announced that it imposed a fine of 150,000 Euros on a data controller, and a fine of 75,000 Euros on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website of the data controller. The CNIL decided not to make its decisions public, thereby not disclosing the name of the companies sanctioned.…
Continue Reading CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing