Compliance

The California Consumer Privacy Act (“CCPA”) became effective on January 1, 2020; the first true comprehensive data privacy law in the United States. Though enforcement started in July, many companies are still struggling to implement a CCPA-compliant framework. As part of that process, public companies subject to the law should consider whether…

The Irish High Court has granted leave for a “Judicial Review” against the Irish Data Protection Commission (DPC) today. The legal action by noyb aims to swiftly implement the European Court of Justice Decision prohibiting Facebook’s EU-US data transfers. 7 Years and 5 Judgments, but no DPC decision. In 2013 Mr Schrems…

The issue of individual redress has bedeviled negotiations between the European Union and the United States for more than two decades. Three adequacy deals—the Passenger Name Record (PNR) Agreement, Schrems I and Schrems II—have now unraveled because the European Court of Justice (CJEU) insists on an effective judicial remedy and…

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor. The Belgian DPA’s investigation follows complaints against…

You may have heard about the Notesolution Inc’ s undertaking with the CRTC to come into compliance with CASL announced Sept 21, 2020. We were curious why CRTC attached a monetary penalty of $100,000 – admittedly a stiff fine during a period that sees few fines under this law. This…

Last week, California’s Attorney General Xavier Becerra testified before the U.S. Senate Committee on Commerce, Science, and Transportation in a hearing entitled, “Revisiting the Need for Data Privacy Legislation”. Becerra’s testimony included a request that the Senate not preempt the California Consumer Privacy Act (“CCPA”) by passing a federal data privacy law. A new…

More than half of enterprises have no intention of ceasing or reducing their reliance on US-based or non-European Economic Area (EEA) data processors despite the Schrems II ruling, a survey conducted by legal experts at Fieldfisher has found. Of the 138 anonymous responses received from enterprises, about 75% indicated that half or…

Following a year of uncertainty regarding the date of implementation, Brazil’s General Data Protection Law has officially come into effect. Although Brazil is no stranger to sectoral privacy laws and already had more than 40 laws and norms at the federal level, the LGPD is the country’s first law to provide a…

The unexpected Schrems II decision was a major blow to digital trade across the Atlantic, invalidating the EU-US Privacy Shield agreement and forcing companies to very quickly revamp their data handling processes. There was some question as to whether this ruling would extend to the similar Switzerland-US Privacy Shield agreement,…

Facebook has significant concerns about its ability to deliver its services to its 400 million European users over the Data Protection Commissioner’s decision regarding the transfer of data to the social media giant’s US parent, the High Court has heard. Late last month the Data Protection Commissioner (DPC) informed Facebook…