Topic: Privacy law

Subscribe to Privacy law RSS feed

FTC Signals Additional Scrutiny for Data Breaches

Photo of Anna Rudawski (US)Photo of Chris Cwalina (US)By Anna Rudawski (US) and Chris Cwalina (US) on Posted in Cybersecurity, Data breach, Privacy law, Ransomware, Regulatory response
On May 20, 2022, the Federal Trade Commission (FTC) stated that failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  Historically, the FTC has not been explicit about its notification expectations, but in blog post published by the FTC’s CTO and Division of Privacy and Identity Protection, … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

Photo of Tiana Corovic (CA)Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Katarina DukeBy Tiana Corovic (CA), Imran Ahmad (CA), John Cassell (CA), Katarina Duke and Admin on Posted in PIPEDA, Privacy law
Data Protection Report - Norton Rose FulbrightOn May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is  meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Essential guidance for employers on COVID-19 measures at the workplace from 26 April 2022

Photo of Wilson AngPhoto of Jeremy Lua (SG)By Wilson Ang, Jeremy Lua (SG) and Wang Chen Yan on Posted in PDPA, Privacy law
As Singapore takes its next step towards living with COVID-19, the Ministry of Manpower (“MOM”), the Singapore National Employers Federation (SNEF) and the National Trades Union Congress (NTUC) (collectively, the “Tripartite Partners”) have issued a revised set of guidelines for employers on the COVID-19 measures to be implemented at the workplace applicable from 26 April … Continue reading

“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices

By Polina Maloshchinskaia on Posted in Privacy law
Norton Rose Fulbright - Data Protection Report blogThe EDPB has published draft guidance on “dark patterns” in social media (the Guidelines) for consultation. The Guidelines consider in detail common social media interfaces that present the content of privacy policies and collect consent in ways which substantively violate the GDPR requirements, while still pretending to formally comply with them (these methods now termed … Continue reading

Nascent EU/ US Trans-Atlantic Data Privacy Framework: some points to note

Photo of Marcus Evans (UK)Photo of Shiv Daddar (UK)By Marcus Evans (UK) and Shiv Daddar (UK) on Posted in Privacy law
On 25 March the EU Commission (Commission) and United States (US) announced that they had agreed in principle on a new “Trans-Atlantic Data Privacy Framework” (TADPF) to foster trans-Atlantic data flows and address the concerns raised by Schrems II.  We briefly discuss the implications below. The announcement was very high level and short on detail. … Continue reading

CPRA Rulemaking Delayed – California Privacy Protection Agency Meets and Previews CPRA Rulemaking Timeline

Photo of Anna Rudawski (US)Photo of David Kessler (US)By Anna Rudawski (US) and David Kessler (US) on Posted in CCPA, Compliance and risk management, Privacy law
On February 17, 2022 the California Privacy Protection Agency’s Board (“Board”) met to discuss their progress launching the new agency.  They also shared their projected timeline for rulemaking.  The California Privacy Protection Agency (CPPA) is the new agency charged with enforcing the California Privacy Rights Act (CPRA).   The big news is that the Board … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Photo of Steve Roosa (US)Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Jurriaan JansenPhoto of Daniel Rosenzweig (US)Photo of Naomi SchuitemaPhoto of Natalia Filkina (DE)Photo of Barbara Ghebali (FR)By Steve Roosa (US), Christoph Ritzer (DE), Nadège Martin (FR), Jurriaan Jansen, Daniel Rosenzweig (US), Naomi Schuitema, Natalia Filkina (DE) and Barbara Ghebali (FR) on Posted in Cybersecurity, NT Analyzer Blog Series, Privacy law
European rulings on the use of Google Analytics and how it may affect your businessRecent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Illinois Supreme Court Rules that Compensation Act is not a bar to BIPA Damages

Photo of David Kessler (US)Photo of Anna Rudawski (US)Photo of Alexis Wilpon (US)By David Kessler (US), Anna Rudawski (US) and Alexis Wilpon (US) on Posted in Compliance and risk management, Dispute resolution and litigation, Privacy law
Cyber authorities sound the alarmIllinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information.  It’s also one of the most popular class action suits today – hundreds, if not thousands of … Continue reading

Privacy in a Parallel Digital Universe: The Metaverse

Photo of Imran Ahmad (CA)Photo of Tiana Corovic (CA)By Imran Ahmad (CA) and Tiana Corovic (CA) on Posted in General, Metaverse, PIPEDA, Privacy law
Data Protection Report - Norton Rose FulbrightFor many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on Posted in Compliance and risk management, Cybersecurity, Privacy law
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

Notice of employer electronic monitoring

Photo of David Kessler (US)Photo of Susan Ross (US)Photo of Laura Hunt (US)By David Kessler (US), Susan Ross (US) and Laura Hunt (US) on Posted in Privacy law
On November 8, 2021, New York became the third state to require private employers to provide employees with notice of employer monitoring of phone, email, and internet access/usage.  New York’s new law (SB 2628) goes into effect on May 7, 2022.  New York joins Connecticut and Delaware, whose laws are already in effect.  Unfortunately for … Continue reading

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

Photo of Wilson AngPhoto of Anna GamvrosPhoto of Jeremy Lua (SG)Photo of Edward Yau (HK)By Wilson Ang, Anna Gamvros, Jeremy Lua (SG) and Edward Yau (HK) on Posted in Dispute resolution and litigation, General, PDPA, Privacy law
The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Singapore: In Bellingham, Alex v. Reed, Michael, Mr. Bellingham obtained the email addresses of his former employers’ customers without their … Continue reading

Hong Kong: Bill to combat doxxing acts passed

Photo of Edward Yau (HK)Photo of Anna GamvrosBy Edward Yau (HK) and Anna Gamvros on Posted in Cybercrime, Cybersecurity, Privacy law
Data Protection Report - Norton Rose FulbrightThe Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021. As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO) by: introducing offences to criminalize doxxing acts; empowering the Privacy Commissioner for Personal Data (the Commissioner) to conduct … Continue reading

The UK Government unveils its post-Brexit plans to shake up data protection laws

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK), Marcus Evans (UK) and Isabella Martinez-Sistac Orozco on Posted in General, Privacy law, Regulatory response
On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading

Ontario moves towards introducing new privacy law

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in General, PHIPA, PIPEDA, Privacy law
Data Protection Report - Norton Rose FulbrightGiven global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading
LexBlog