As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. While this preparation is
Compliance and risk management
Maybe This Time : Federal Government Proposes the American Data Privacy and Protection Act
On Friday, June 3, 2022, the Senate and House released a draft of the American Data Privacy and Protection Act, (ADPPA), a watershed privacy bill that would introduce a federal standard. Currently, a hodgepodge of industry-specific and state…
Another fine for over-retention of data


A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here. The second regulator was the New York Attorney General in January of 2022, which we described here. And the third is the U.S. Federal Trade Commission, which issued a proposed consent with the current and former owners of CafePress on March 15.
CPRA Rulemaking Delayed – California Privacy Protection Agency Meets and Previews CPRA Rulemaking Timeline


On February 17, 2022 the California Privacy Protection Agency’s Board (“Board”) met to discuss their progress launching the new agency. They also shared their projected timeline for rulemaking. The California Privacy Protection Agency (CPPA) is the new agency charged with …
Rejecting cookies should be as easy as accepting cookies: new sanctions by the French authority (CNIL)

The French Data Protection Authority (the “CNIL”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions.…
Belgian DPA fines IAB Europe over its consent framework’s GDPR violations


On 2 February 2022, the Belgian Data Protection Authority (the BDPA) fined IAB Europe for various infringements in relation to the IAB Transparency and Consent Framework. This decision could have a huge impact on the majority of players in…
Illinois Supreme Court Rules that Compensation Act is not a bar to BIPA Damages
Illinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information. It’s also one of the most popular class action suits today – hundreds, if not thousands of cases have been filed in recent years – and there is no sign that the litigation is slowing down.
Privacy legislation reform: Bill 64 has now been passed
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes:
- increased obligations for enterprises that collect or otherwise process personal information,
- the
…
Apple iOS 15’s new privacy features that industries should know
Apple recently released the latest version of its iPhone operating system, iOS 15. While iOS 15 currently has only a 15% adoption rate, the new operating system brings a slew of new features that are privacy-specific and can…
UK Government sets out proposals to shake up UK data protection laws


On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021.
In August, the Government announced that it intended…