On June 19, 2020, the Federal Trade Commission (FTC) submitted to Congress two reports that Congress requested in connection with the spending bill that funds the FTC. One of these reports (the “Resources Report”) describes the resources used and needed by the FTC to protect consumer privacy and security, and the second (the “Authorities Report”) describes the FTC’s use of its existing authorities to protect consumer privacy and security.
Continue Reading FTC Outlines Potential Changes to Enhance Privacy and Security Enforcement Efforts If Given More Resources

On June 2, 2020, the California Attorney General announced that it had submitted the final proposed regulations package for the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The OAL now has 30 working days, plus an additional 60 calendar days under COVID-19-related Executive Order N-40-20, to review the package for compliance with California’s Administrative Procedure Act (APA). If approved by the OAL, the final regulations will then be filed with the California Secretary of State and become enforceable.
Continue Reading CCPA Update: California Attorney General Submits Final Proposed Regulations to OAL

On May 4, 2020, the European Data Protection Board (EDPB) adopted new guidelines (the guidelines) regarding the use of consent as a legal basis for processing personal data under the General Data Protection Regulation (GDPR).[1] The guidelines update and replace the Article 29 Working Party’s April 2018 guidance on the same topic.

The guidelines remain largely unchanged from the earlier version but do provide helpful clarifications on two points: a) the validity of consent when interacting with so-called “cookie walls”; and b) “scrolling” as a means of indicating consent.
Continue Reading EDPB Adopts Updated Consent Guidance

On April 21, 2020, the European Data Protection Board (EDPB) published two sets of guidelines addressing data processing in the context of the COVID-19 pandemic. These guidelines address the use of location data and contact tracing tools to combat the spread of COVID-19 and the use of health data for the purposes of scientific research into COVID-19 (together, the guidelines).

Since March 2020, the EDPB and the European Commission (EC) have been active in addressing the use of data to combat the COVID-19 pandemic. The EC released its recommendation regarding contact tracing apps and the use of mobility data on April 8, while the EDPB issued a letter on April 14 addressing the same issue. The EC then published specific guidance regarding the use of COVID-19 mobile apps. In these most recent guidelines, the EDBP further elaborates on the signposts provided in its earlier letter and provides specific guidance on the deployment of contact tracing apps as well as the re-use of information for scientific research purposes.
Continue Reading EDPB Publishes Guidelines on COVID-19 Related Data Usage

On April 16, 2020, the European Commission (EC) published guidance (guidance) regarding mobile applications developed to combat the spread of the COVID-19 pandemic (COVID-19 mobile apps). As previously mentioned in our blog posts, the guidance follows the EC recommendation last week on the same topic, and takes into account a prior consultation with the European Data Protection Board (EDPB).

The guidance expands on the legal bases for data processing identified in the EC’s consultation with the EDPB and highlights key data protection requirements for certain COVID-19 mobile apps.
Continue Reading The European Commission Publishes Guidance on COVID-19 Mobile Apps

On April 14, 2020, the European Data Protection Board (the EDPB) published a letter in response to the European Commission’s call for consultation (the letter) regarding its recommendation on the use of mobile applications and location data to fight the COVID-19 outbreak.

As previously reported in our blog post, the European Commission’s recommendation sets out a “toolbox” of measures to be implemented across EU member states to address the use of technology in combating the spread of the COVID-19 pandemic. In its letter, the EDPB sets forth data privacy and information security measures that app developers should consider when developing mobile applications to inform individuals or monitor infected persons (COVID-19 mobile apps).
Continue Reading The EDPB Responds to the European Commission’s Recommendation on COVID-19 Mobile Apps