On April 12, 2019, Senator Edward J. Markey (MA) introduced the Privacy Bill of Rights Act, comprehensive privacy legislation intended to protect individuals’ “personal information,” defined as “information that directly or indirectly identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, a particular individual.”
Continue Reading

On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.
Continue Reading

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”). The CNIL guidance sets forth the 5 following conditions:
Continue Reading

The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) has approved a set of guidelines for Binding Corporate Rules as a mechanism that multinational companies may use to enable the international transfer of personal data to their affiliates located in countries whose protection of personal data has not been deemed adequate by the AAIP.
Continue Reading