Tag Archives: data security

FTC Amends Safeguard Rule with Requirement for Non-Banking Financial Institutions to Report Data Security Breaches

On October 27, 2023, the Federal Trade Commission (FTC) announced it is amending the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) to include a requirement for non-bank financial institutions to report certain data breaches and other security events to the agency.… Continue Reading

California AG Targets Mobile Apps for Failing to Honor or Provide Mechanism for Opt-Out Requests

On January 27, 2023, the California Attorney General (California AG) Rob Bonta announced an “investigative sweep” of mobile apps in retail, travel, and food service industries for failing to provide a mechanism for—or honor—consumers’ opt-out requests to stop selling their data under the California Consumer Privacy Act (CCPA). According to the California AG’s tweet, the … Continue Reading

Fintech and Financial Privacy: Regulatory Developments on the Use of Financial Data

So you’re a fintech startup, buying a fintech company, or expanding the technical capabilities of your financial business. Or you’re a tech company that is getting into the payments space. Where do you start when it comes to figuring out what consumer protection laws apply to you? You should be aware that, for the past … Continue Reading

Lloyd v. Google: UK Supreme Court Rejects Data Protection Class Action in Landmark Ruling

On November 10, 2021, the UK Supreme Court ruled[1] that class representatives in data privacy class action suits need to prove damage or distress suffered to be successful. Compensation cannot be granted simply by virtue of proving that a company violated the law. The case was heard under the UK’s pre-2018 data protection law, but … Continue Reading

EDPB Publishes Guidelines on COVID-19 Related Data Usage

On April 21, 2020, the European Data Protection Board (EDPB) published two sets of guidelines addressing data processing in the context of the COVID-19 pandemic. These guidelines address the use of location data and contact tracing tools to combat the spread of COVID-19 and the use of health data for the purposes of scientific research into COVID-19 (together, the … Continue Reading

CCPA Update: California Attorney General Issues Modifications to Proposed CCPA Regulations

Updates to Compliance Likely Required On February 10, 2020, the California Attorney General issued the proposed text of modified regulations implementing the California Consumer Privacy Act (CCPA). This draft is a correction of a version that the California Attorney General issued on February 7, 2020. While the California Attorney General previously indicated that major changes to the … Continue Reading

CJEU Advocate General Confirms Validity of EU Data Transfer Tools

On December 19, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued his opinion in Schrems II[1] (the opinion). Wilson Sonsini previously covered the key points of the opinion in our Alert of December 20 and now provides a more detailed analysis in this … Continue Reading

Proposed CCPA Regulations: Clarity or Confusion?

On October 10, 2019, the California Attorney General’s office issued the proposed text of its California Consumer Privacy Act (CCPA) regulations (the Regulations). The Regulations propose detailed rules regarding required notices for consumers, business practices for handling consumer requests, verification of requests, special rules regarding minors, and non-discrimination. Accompanying the Regulations are the Attorney General’s … Continue Reading

Greece Publishes Draft Legislation for Implementing GDPR

On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR. As an EU regulation, the GDPR has legally taken effect in every EU country, including … Continue Reading

Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the … Continue Reading

The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading

The ICO Publishes Its Stance on Adtech and Real-Time Bidding

On June 20, 2019, the UK’s Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection Regulation’s (GDPR’s) stringent requirements, and calls for further engagement on these issues by the different adtech players in the space. Background … Continue Reading

Federal Court Allows Children’s Online Privacy Claims Against Disney, Viacom, and Online Ad Networks That Collected Data from Gaming Apps to Go Forward

On May 22, 2019, a federal district court largely denied a facial challenge by Disney, Viacom, and several online advertising networks to claims alleging these defendants violated the privacy rights of children by collecting data through online gaming apps. In McDonald v. Kiloo APS,[1] the defendants consisted of two groups: the developers who created the … Continue Reading

WSGR Event Recap: Online Advertising and Privacy—An Overview of Global Legal Developments

On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements. Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia … Continue Reading

WSGR Event Recap: The State of Play in European Data Protection Law

On May 1, 2019, WSGR convened a panel of regulators and experts to discuss recent developments in European data protection law. The panel, moderated by Cédric Burton, featured Bruno Gencarelli, head of the International Data Flows and Protection Unit of the European Commission, Isabelle Vereecken, head of the Secretariat of the European Data Protection Board … Continue Reading

Belgian Data Protection Authority Is Up and Running

On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium. Background Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy … Continue Reading

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda. The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR … Continue Reading

New Colorado Law Takes Effect That Includes Strict 30-Day Data Breach Notification Requirement

On September 1, 2018, a new Colorado law took effect that, among other things, amends the state’s data breach law to: (1) expand the scope of the categories of “personal information” that trigger notification requirements; (2) require notification to residents and the state attorney general no more than 30 days after determining that a security … Continue Reading
LexBlog