The German Datenschutzkonferenz (DSK), the joint body of the German data protection authorities, has just published the model which it intends to use to calculate fines pursuant to Article 83 of the GDPR.
October 2019
California Governor signs all 5 CCPA amendments
On Friday, October 11, 2019, the California Governor signed all five of the California Consumer Privacy Act amendments that were awaiting his signature (AB 25, 874, 1146, 1355, and 1564) as well as an amendment to California’s data breach law (AB 1130). We had previously written about the impact on CCPA if all five amendments went into effect here.
Mic Drop: California AG releases long-awaited CCPA Rulemaking
On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA).
The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use of their personal information” and added, “It’s time we had control over the use of our personal data.”
First Data Access Agreement under the CLOUD Act signed by UK and US
On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019.
No surprises in the recent Planet49 European Court of Justice judgment
On 1 October 2019, the European Court of Justice (ECJ) delivered its judgement on Case C – 673/17 (the “Planet49” case), which relates to the consent and transparency requirements for the use of cookies and similar technologies. The ECJ largely followed the March 2019 Opinion of Advocate General Szpunar and the judgment is generally consistent with the recent regulatory guidance issued by the UK and French data protection authorities in this area.
The right to be forgotten: the CJEU sides with Google in two landmark cases
On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its…
Bank of England cyber resilience exercise
BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise.
New York’s Breach Law Amendments and New Security Requirements
Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y.…
Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers
On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to…