Topic: Privacy law

CPRA Rulemaking Delayed – California Privacy Protection Agency Meets and Previews CPRA Rulemaking Timeline

On February 17, 2022 the California Privacy Protection Agency’s Board (“Board”) met to discuss their progress launching the new agency. They also shared their projected timeline for rulemaking. The California Privacy Protection Agency (CPPA) is the new agency charged with enforcing the California Privacy Rights Act (CPRA). The big news is that the Board … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

By Steve Roosa (US), Christoph Ritzer (DE), Nadège Martin (FR), Jurriaan Jansen, Daniel Rosenzweig (US), Naomi Schuitema, Natalia Filkina (DE) and Barbara Ghebali (FR) on February 14, 2022 Posted in Cybersecurity, NT Analyzer Blog Series, Privacy law

European rulings on the use of Google Analytics and how it may affect your business

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Illinois Supreme Court Rules that Compensation Act is not a bar to BIPA Damages

By David Kessler (US), Anna Rudawski (US) and Alexis Wilpon (US) on February 10, 2022 Posted in Compliance and risk management, Dispute resolution and litigation, Privacy law

Illinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information. It’s also one of the most popular class action suits today – hundreds, if not thousands of … Continue reading

Privacy in a Parallel Digital Universe: The Metaverse

By Imran Ahmad (CA) and Tiana Corovic (CA) on January 25, 2022 Posted in General, Metaverse, PIPEDA, Privacy law

Data Protection Report - Norton Rose Fulbright

For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading

Privacy legislation reform: Bill 64 has now been passed

By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on November 17, 2021 Posted in Compliance and risk management, Cybersecurity, Privacy law

Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

Notice of employer electronic monitoring

By David Kessler (US), Susan Ross (US) and Laura Hunt (US) on November 17, 2021 Posted in Privacy law

On November 8, 2021, New York became the third state to require private employers to provide employees with notice of employer monitoring of phone, email, and internet access/usage. New York’s new law (SB 2628) goes into effect on May 7, 2022. New York joins Connecticut and Delaware, whose laws are already in effect. Unfortunately for … Continue reading

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

By Wilson Ang, Anna Gamvros, Jeremy Lua (SG) and Edward Yau (HK) on November 2, 2021 Posted in Dispute resolution and litigation, General, PDPA, Privacy law

The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Singapore: In Bellingham, Alex v. Reed, Michael, Mr. Bellingham obtained the email addresses of his former employers’ customers without their … Continue reading

Hong Kong: Bill to combat doxxing acts passed

By Edward Yau (HK) and Anna Gamvros on October 7, 2021 Posted in Cybercrime, Cybersecurity, Privacy law

The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021. As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO) by: introducing offences to criminalize doxxing acts; empowering the Privacy Commissioner for Personal Data (the Commissioner) to conduct … Continue reading

The UK Government unveils its post-Brexit plans to shake up data protection laws

By Lara White (UK), Marcus Evans (UK) and Isabella Martinez-Sistac Orozco on August 27, 2021 Posted in General, Privacy law, Regulatory response

On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading

Ontario moves towards introducing new privacy law

By Imran Ahmad (CA) and Liana Di Giorgio (CA) on August 24, 2021 Posted in General, PHIPA, PIPEDA, Privacy law

Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading