Don’t Forget to Use the New SCCs to Transfer EU Personal Data as of September 27, 2021

Photo of Laura De BoelPhoto of Rossana FolPhoto of Cédric BurtonBy Laura De Boel, Rossana Fol and Cédric Burton on Posted in Cybersecurity, Privacy, Regulatory

As of September 27, 2021, companies relying on Standard Contractual Clauses (SCCs) to transfer personal data outside the European Union (EU) must use the new Standard Contractual Clauses (New SCCs) when signing data processing agreements. As a result, it is time to update template data processing agreements to ensure that your company can meet this deadline. Continue Reading

CJEU Confirms Exceptions to One-Stop-Shop Mechanism Under the GDPR

Photo of Jan DhontPhoto of Nikolaos TheodorakisBy Jan Dhont, Nikolaos Theodorakis and Joanna Juzak on Posted in European Union, Privacy

On June 15, 2021, the Court of Justice of the European Union (CJEU) confirmed[1] that non-leading supervisory authorities (SAs) can initiate national judicial proceedings concerning cross-border data processing in two circumstances:[2] i) where there is an “urgent need” to act, or ii) if the case has a local impact. Continue Reading

California Attorney General Mandates CCPA-Covered Businesses Honor the Global Privacy Control and Announces Update on CCPA Enforcement Activity

Photo of Edward HolmanPhoto of Tracy ShapiroBy Edward Holman and Tracy Shapiro on Posted in Privacy

Recently, the Office of the Attorney General of California announced three major updates that 1) added to the California Consumer Privacy Act’s (CCPA) opt-out rules related to the sale of personal information, 2) made it easier for consumers to participate in enforcing the CCPA, and 3) unveiled other focus areas of CCPA enforcement activities. Continue Reading

No Harm, No Foul: Supreme Court Narrows Article III Standing to Require That All Class Members Suffer a Concrete Injury in Fact

Photo of Allison BenderPhoto of Edward HolmanBy Allison Bender and Edward Holman on Posted in Privacy

Overview

On June 25, 2021, the U.S. Supreme Court decided TransUnion v. Ramirez, which held that even when a statute has been violated, and that statute provided a private right of action, plaintiffs still need a concrete injury in fact to have standing to bring a lawsuit in federal court. In this case, the statutory framework at issue is the Fair Credit Reporting Act (FCRA). Though this case arises in the context of the FCRA, its outcome is likely to have a sweeping impact on many areas of class action litigation where the concreteness of injury is at issue, such as data breach litigation. Continue Reading

Colorado Becomes Third State to Pass New General Privacy Law

Photo of Edward HolmanPhoto of Amanda IrwinBy Edward Holman and Amanda Irwin on Posted in Uncategorized

Colorado may soon enter the national stage for its new privacy legislation. On June 8, 2021, Colorado’s legislature passed the Colorado Privacy Act (SB21-190) (ColoPA). The bill was recently sent to the Colorado governor’s desk, where he will have until July 8 to sign or veto the bill, otherwise it will become law without his signature. If Governor Jared Polis signs the bill or does not act on it (and assuming the act is not put to a referendum), Colorado will become the third U.S. state to enact comprehensive privacy legislation, after California and Virginia. Continue Reading

Belgian DPA Approves Code of Conduct for the Cloud Industry

Photo of Jan DhontPhoto of Carol EvrardBy Jan Dhont, Carol Evrard and Joanna Juzak on Posted in Privacy, Regulatory

On May 20, 2021, the Belgian Supervisory Authority (Belgian SA) approved the EU Cloud Code of Conduct (EU Cloud CoC).[1] This is the first time that a Supervisory Authority has approved a transnational, industry-wide code of conduct under the General Data Protection Regulation (GDPR).[2] Cloud service providers (CSPs) will be able to rely on their adherence to the code to demonstrate compliance with the GDPR as a data processor. Although the EU Cloud CoC does not yet qualify as an appropriate safeguard for international data transfers, a separate module is currently under discussion and should, when adopted, accommodate such transfers. Continue Reading

LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree