data

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

By Maneesha Mithal, Christopher Olsen, Demian Ahn & Rebecca Weitzel Garcia on January 7, 2025

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

New Federal Data Broker Restrictions Signed into Law

By Maneesha Mithal, Joshua Gruenspecht & Libby Weingarten on April 25, 2024

Posted in Cybersecurity, Privacy

The recent omnibus foreign relations package signed by President Biden on April 24, 2024, includes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the Act), a set of sweeping privacy provisions prohibiting data brokers from sharing sensitive personal information with a broad range of entities that may have ties to Russia, China, Iran, and North Korea. The Federal Trade Commission (FTC) will enforce these prohibitions and have the ability to seek civil penalties for violations. The provision takes effect 60 days after the date of enactment of the Act.Continue Reading New Federal Data Broker Restrictions Signed into Law

EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations

By Yann Padova, Jindrich Kloub, Deirdre Carroll, Laurine Daïnesi Signoret & Michael Kern on July 6, 2023

Posted in Privacy

In a landmark judgment issued on July 4, 2023, the European top court, the Court of Justice (ECJ), ruled that competition authorities in the EU can consider a company’s compliance with the EU’s data protection rules when assessing whether it abused its dominant position. In addition, the ECJ ruled on important General Data Protection Regulation (GDPR) clarifications on the legal bases for personalized advertising.

The judgment sets out how competition agencies should cooperate with data protection agencies when conducting competition investigations involving the consideration of whether a company’s data collection and processing practices comply with EU data protection rules.Continue Reading EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations

UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data

By Laura De Boel, Maneesha Mithal, Tom Evans & Matthew Nuding on June 22, 2023

Posted in Cybersecurity, Privacy

On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of personal data between the two countries (the “Data Bridge”).Continue Reading UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data

EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations

By Petros Vinis, Deirdre Carroll, Nikolaos Theodorakis, Laura Brodahl, Laurine Daïnesi Signoret & Mia Gal on November 10, 2022

Posted in European Union, Privacy

On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation.

In…

Data Brokers Must Register with California Attorney General by January 31

By Lydia Parnes, Edward Holman & Megan Kayo on January 7, 2020

Posted in Cybersecurity, Privacy, Regulatory

Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers

While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay a fee, and provide certain information to the California attorney general. Because AB 1202 relies on the CCPA’s broad definitions of “sell” and “personal information,” many businesses that might not otherwise consider themselves to be data brokers may fall within the data broker definition.
Continue Reading Data Brokers Must Register with California Attorney General by January 31

Greece Publishes Draft Legislation for Implementing GDPR

By Nikolaos Theodorakis on August 20, 2019

Posted in European Union, Privacy, Regulatory

On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR.

As an EU regulation, the GDPR has legally taken effect in every EU country, including Greece. In fact, the Greek Supervisory Authority recently imposed a 150,000EUR fine on a company for GDPR violations. However, the GDPR allows EU countries to adopt certain derogations, specifications, and exceptions through their implementing legislation. The draft, inter alia, does this through the following provisions:

Age of Consent

The draft requires that a minor over 15 years old (and up to 18 years old) must consent to the processing of his/her personal data for the processing to be lawful. When a minor is under 15 years old, the minor’s legal guardian must consent.Continue Reading Greece Publishes Draft Legislation for Implementing GDPR

The Data Advisor