On October 6, 2020, the Court of Justice of the European Union handed down Grand Chamber judgments determining that the ePrivacy Directive does not allow for EU Member States to adopt legislation intended to restrict the scope of its confidentiality obligations unless they comply with the general principles of EU law.
Continue Reading CJEU Restricts Indiscriminate Access to Electronic Communications for National Security Purposes

On October 1, 2020, the UK Information Commissioner’s Office launched a public consultation on its draft Statutory Guidance, which provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.
Continue Reading ICO Launches Consultation on Its Draft Statutory Guidance

On September 25, 2020, the District Court of New Mexico granted Google’s motion to dismiss a suit filed by New Mexico Attorney General Hector Balderas alleging, among other claims, that the company violated the federal Children’s Online Privacy Protection Act by using G Suite for Education to “spy on New Mexico students’ online activities for its own commercial purposes, without notice to parents and without attempting to obtain parental consent.”
Continue Reading New Mexico AG Suit Against Google Regarding Alleged Violations of COPPA Dismissed

On September 8, 2020, AB-1138, the Parent’s Accountability and Child Protection Act, was enrolled and presented to the California Governor for signature. If signed into law by the Governor, the bill would require a business that operates a social media website or application, beginning July 1, 2021, to obtain verifiable parental consent for California-based children the business “actually knows” is under 13 years of age.
Continue Reading California Legislature Passes Bill Requiring Social Media Companies to Obtain Parental Consent for California-based Children Under 13

The Centre for Information Policy Leadership at Hunton and the Data Security Council of India have published a report on “Enabling Accountable Data Transfers from India to the United States under India’s Proposed Personal Data Protection Bill,” which highlights the importance of continued flows of data between India and the U.S. following the expected passage of new comprehensive data protection legislation in India.
Continue Reading CIPL and DSCI Publish Report on Enabling U.S.-India Data Transfers

On September 1, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth and the Centro de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público released a new paper on the “Top Priorities for Public and Private Organizations to Effectively Implement the New Brazilian General Data Protection Law.” This blog entry highlights the 12 priorities that organizations subject to the LGPD should consider to effectively implement the law.
Continue Reading CIPL Releases Paper on Top Priorities for Implementation of the Brazil LGPD