GDPR

Today at a panel before the International Association of Privacy Professionals (“IAPP”) – Europe Data Protection Congress in Brussels, leading European Union (“EU”) data protection authority commissioners cast doubt on the notion that there could ever be a lawful basis for targeted advertising based on behavioral profiling, referred to often as interest-based advertising (“IBA”).Continue Reading Privacy Challenges for Digital Advertising, Particularly in Europe

We are pleased to announce that Alan Friel and Julia Jacobson will be speaking in an upcoming Strafford live video webinar, Consumer Data Transfers Under New Privacy Laws: Contracting Requirements; Due Diligence; Vendor Management, Best Practices for Drafting and Modifying Documents to Ensure Continued Compliance With Ever-Evolving Privacy Laws on Tuesday, October 10, 2023 from

Until late August 2023, California’s data protection law, the California Consumer Privacy Act, or “CCPA,” only provided for future rulemaking on automated decision-making, including profiling, on risk assessments, and on cybersecurity audits. However, during a board meeting it held this past Friday, September 8th, the California Privacy Protection Agency (“CPPA” or “Agency”), which shares enforcement authority of the CCPA with the California Attorney General, discussed a new set of draft regulations (“Regs”) it released for Agency discussion purposes in late August 2023. While not yet part of the official rulemaking, the draft and the discussions around it provides direction on its upcoming rulemaking on these topics. We will refer to the draft and related commentary as the “Roadmap.” Most notably, the Roadmap proposes that condensed versions of assessments and audits completed by businesses pursuant to their CCPA obligations be filed with the CPPA and sets forth detailed obligations surrounding such assessments and audits. The implication of this is that it may become obvious to the Agency which companies are or are not conducting assessments or audits and thus complying with their CCPA obligations. It may also provide the Agency an easily accessible way to review the evaluate businesses’ practices, especially with regard to higher risk processing activities. Furthermore, the Agency’s Roadmap suggests assessment requirements that not only incorporate, but exceed, what is required in the Colorado regulations, including risk / harm assessments of any monitoring of personnel or students, or monitoring of consumers in public places. We will be co-hosting a webinar with Ankura to take a deeper dive into what companies should be doing regarding assessments and audits. Register here to join us on October 18 to learn more.Continue Reading California’s Potential Approach to Regulations on Risk Assessments and Cybersecurity Audits Could Be a Game Changer

The French National Commission on Informatics and Liberty (CNIL) – the French data-protection authority – finally updated its standard of best practice on whistleblowing in July 2023, to accompany the significant changes introduced to the whistleblower protection regulation in the second half of 2022.Continue Reading The French CNIL’s New Guidance on Whistleblowing

The UK’s Data Protection and Digital information (No 2) Bill (the Bill) would remove the need for many organisations to appoint a Data Protection Officer. Instead, there would be an obligation on (i) public sector bodies, and (ii) organisations whose processing of personal data is likely to result in a “high risk” to the rights and freedoms of individuals to appoint a “Senior Responsible Individual” (SRI). Although presented as a measure to reduce administrative burdens and compliance costs, the requirement could have the opposite effect, also creating a role that carries significant personal risk for anyone willing to take it on.
Continue Reading UK Data Protection Reform: who would want to be a “Senior Responsible Individual”?

The French government has decided to act in the fight against the resurgence of cyberattacks, together with ransom demands, which have a significant impact on the economy. By anticipating the development of the cyber risk insurance market in France, the French government has decided to make the payment of insurance compensation conditional on the filing

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

BREAKING: Illinois Supreme Court Determines BIPA Claims Accrue Individually With Each Violation | Privacy World

New 2023 Legislative Proposals Could

The start of a new year always brings New Year’s resolutions. If privacy by design is one of yours (just months after the Irish watchdog announced a €265 million fine for a breach of this concept, it seems reasonable to have it on your radar), 2023 is off to a good start with a new

In a decision on October 27, 2022, the European Court of Justice has clarified the operators’ obligations regarding consent and the right to object in relation to public directories and information services.

Legal Context

The ePrivacy Directive contains several provisions relating to public directories and information services of telecommunications operators.

In particular, EU Member States

More than 10 Squire Patton Boggs European Data Privacy, Cybersecurity and Digital lawyers attended last week’s Brussels Data Protection Congress.

At the congress, Counsel Diletta De Cicco participated in a panel with journalists Luca Bertuzzi from Euractiv and Vincent Manancourt from POLITICO. They explored the topic: Is the Press the (Best) GDPR Enforcer? The discussion