Compliance
NOYB open letter on the new EU – US data deal
Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“noyb.eu”), has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“letter”). The letter coincides with a visit to Washington, D.C. by a delegation of several members of the…
“Privacy Shield 2.0”? – First Reaction by Max Schrems
Today Commission President Ursula von der Leyen and President Biden have announced an “agreement in principle” on a new EU-US data sharing system. (Factsheet by the European Commission; Factsheet by the White House.) Some facts upfront: There is only a political announcement, not a text that can be analyzed. As…
The West’s plan to keep global data flows alive
U.S. President Joe Biden and European Commission President Ursula von der Leyen just secured a political agreement to keep data flowing between the European Union and the United States. But with EU and U.S. negotiators still hammering out details on the new transatlantic data pact — and legal challenges expected once the…
Georgia Considering Broad Privacy Bill
The Georgia Senate recently introduced an omnibus privacy bill modeled after (but significantly broader than) California’s Consumer Privacy Act (“CCPA”), titled the Georgia Computer Data Privacy Act (“GCDPA”). The introduction of the GCDPA is surprising in a number of ways, including its sponsorship by Republican leadership. It is also notable…
Use of Google Analytics and data transfers to the United States: the CNIL orders a website manager/operator to comply
Google Analytics provides statistics on website traffic. After receiving complaints from the NOYB association, the CNIL, in cooperation with its European counterparts, analysed the conditions under which the data collected through this service is transferred to the United States. The CNIL considers that these transfers are illegal and orders a…
EU: EDPB Guidelines on subject access requests – Intentionally disproportionate?
The European Data Protection Board has issued draft guidelines on subject access requests. Most of the guidance is sensible but there are some unpleasant surprises, including the assertion there is no proportionality limit on the effort needed to respond to a request. Subject access requests Subject access requests (DSARs) are…
Maturing the Privacy Impact Assessment
Privacy Impact Assessments (PIAs) have not changed dramatically over the past 20 years or so, or at least the approach to them hasn’t. Whether the starting point is in a Word or Excel template or [one hopes] by using actual technology to support the process, a PIA involves a group…
Data Maps: What Is It And The Best Techniques and Tools
Since the inception of GDPR, millions of companies around the globe have been racing to implement data privacy programs to demonstrate compliance to regulators and keep up with the ongoing demand of privacy requirements from their customers. Consumers and laws are demanding companies understand how personal data is handled, and where…
Schrems II: How to Protect Against Liability When Using Non-EEA / Equivalency Country Vendors
98% of the participants in an Anonos Schrems II webinar held on 13 January, involving 2000+ executives representing 1700+ companies from 50+ countries, expressed concern about the risks associated with cloud-based processing of cleartext EU data and remote access to EU data for business purposes. In follow-up meetings and discussions with representatives…
CCPA Vendor Management: Potential Gaps in Your Privacy Compliance Strategy
Many organizations have spent substantial resources to ensure internal compliance with GDPR and will spend even more to comply with the CCPA in the coming year. According to an economic impact study commissioned by the California Department of Finance, the initial costs to American businesses could exceed $55 billion, with some…