On April 12, 2019, Senator Edward J. Markey (MA) introduced the Privacy Bill of Rights Act, comprehensive privacy legislation intended to protect individuals’ “personal information,” defined as “information that directly or indirectly identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, a particular individual.”
Continue Reading
Personal Data
CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines
Posted on
On April 11, 2019, the French Data Protection Authority launched an online public consultation regarding two new CNIL draft standards concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline.…
Continue Reading
Nigeria Issues New Data Protection Regulation
Posted on
Nigeria’s National Information Technology Development Agency recently issued the Nigeria Data Protection Regulation 2019. This blog entry provides key elements of the Regulation.…
Continue Reading
Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data
Posted on
Posted in Online Privacy, U.S. State Law
On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S. law to protect electronic information that individuals have shared with certain third parties.…
Continue Reading
Thailand’s National Legislative Assembly Passes Data Protection Law
Posted on
Posted in Information Security, International
On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act, which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. Publication is anticipated to occur within the next few weeks.…
Continue Reading
Advocate General Finds Search Engine Operators May Limit the Scope of Right to Be Forgotten to the EU
Posted on
Posted in European Union, International
On January 10, 2018, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.…
Continue Reading
CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers
Posted on
On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”). The CNIL guidance sets forth the 5 following conditions:…
Continue Reading
CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach
Posted on
On December 20, 2018, the CNIL announced that it imposed a fine of €400,000 on Uber France SAS for failure to implement some basic security measures which resulted in the 2016 Uber data breach.…
Continue Reading
Argentina DPA Issues Guidelines on Binding Corporate Rules
Posted on
Posted in Information Security, International
The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) has approved a set of guidelines for Binding Corporate Rules as a mechanism that multinational companies may use to enable the international transfer of personal data to their affiliates located in countries whose protection of personal data has not been deemed adequate by the AAIP.…
Continue Reading
Serbia Enacts New Data Protection Law
Posted on
On November 9, 2018, Serbia’s National Assembly enacted a new data protection law. The Personal Data Protection Law, which becomes effective on August 21, 2019, is modeled after the EU General Data Protection Regulation. …
Continue Reading