The California Privacy Rights Act (CPRA) will go into effect on January 1, 2023, even though the draft regulations remain unsettled, leaving companies questioning their ability to comply. In this talk with Jennifer Barrera of CalChamber, we’ll discuss some of the outstanding issues that will have impacts in the state, across the country, and, indeed,
Privacy / Data Protection
President Biden Signs Executive Order on U.S. Intelligence Activities to Implement EU-U.S. Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic…
Webinar: Cyber Perspectives: Software Security With Sam Kaplan of Palo Alto Networks, Aaron Cooper of BSA and Maria Garzaro of Aveva
Software security is a critical issue for multinational businesses. Highlighted as a top priority by the Biden administration and other governments worldwide, software security is a central pillar of effective cybersecurity—and managing associated legal risk. But developing and maintaining secure software is challenging, including to the extent that companies manage complex software development lifecycles, face…
US FTC Moves Forward on Privacy Rulemaking with Public Forum
On September 8, 2022, the Federal Trade Commission (FTC) held a virtual public forum on the agency’s release last month of an Advance Notice of Proposed Rulemaking (ANPR) to regulate the protection of consumers’ privacy and data security, which we covered in a prior Legal Update. In addition to allowing the public the opportunity…
CA Attorney General Says ‘The Kid Gloves Are Coming Off’; Announces $1.2M Settlement with Retail Co. for CCPA Sales Violation
Online businesses that sell to California residents should take note of a recent enforcement action by the state’s attorney general (AG) signaling that adequate notice of sale must be provided in a business’s privacy policy, California residents’ opt-out requests must be honored, and, from the AG’s perspective, the use of third-party cookies for targeted advertising…
US FTC Launches Rulemaking on Commercial Surveillance and Data Security Practices
On August 11, 2022, the Federal Trade Commission (FTC) voted 3-2 on partisan lines to file an Advance Notice of Proposed Rulemaking (ANPR) that would regulate the protection of consumers’ privacy and data security in a rulemaking titled “Trade Regulation Rule on Commercial Surveillance and Data Security.”
The release of this ANPR—in the midst of…
Africa’s Innovation – July Developments Signal Attention Must Be Paid to Data Privacy Developments in Africa
Recent developments in Africa reflect that global companies should be focusing attention on data protection developments in the region. Tech companies, consumer packaged goods manufacturers, and retailers have focused on Africa as a growth market for their products and services as user adoption in the United States and European Union has flattened.1 As a…
New Draft Rules for Human Genetic Resources Management Issued by China
New ‘Draft Rules for the Regulations on the Management of Human Genetic Resources’ (Draft Rules) were issued by the Ministry of Science and Technology of the PRC (MOST) on 14 March 2022.
Issued pursuant to the Biosecurity Law and the Data Security Law, the Draft Rules are a response from the government to the growing…
Specification for Certification of Cross-border Transfers of Personal Information Released by China – Key Provisions and Takeaways
On 24 June 2022, the Secretariat of the National Information Security Standardisation Technical Committee (TC260) issued the Technical Specification for Certification of Cross-Border Transfers of Personal Information (the Certification Specification), eight weeks after it first issued the draft of the same name (the Draft). The relatively speedy finalisation of the Certification Specification is a reflection…
(Not So) Standard Contracts? Draft Standard Contracts Finally Released in China
More than nine months after the Personal Information Protection Law (PIPL) came into force in the PRC, the Cyberspace Administration of China (CAC) issued the long-awaited Draft Provisions on Standard Contracts for the Export of Personal Information (Draft Provisions) on 30 June 2022.
The Draft Provisions supplement Article 38(3) of the PIPL, which provides that…