The California legislative session ended with a bang on 13 September, when legislators passed several noteworthy amendments to the California Consumer Privacy Act (CCPA). The California governor has until 13 October to act on these amendments. We have outlined below the amendments that materially alter the original scope or requirements…
A vexing issue under the California Consumer Privacy Act is how to interpret the definition of “sale” and how to know if exceptions – like that for a “service provider” – apply. When asked, most companies state honestly they do not “sell” customer data, but the CCPA defines the term…
Baker McKenzie and BearingPoint have joined forces to launch a GDPR Survey, which aims to understand the compliance journeys that organizations have gone through since the GDPR came into force in May 2018. Despite the fact that most of our clients have set up their GDPR priorities and already experienced…
Click to Read In recent years, we have seen an unprecedented expansion in data privacy and security regulations globally as regulators seek to catch up to technology. Some jurisdictions focus on notions of privacy as a fundamental right, while others are geared toward fairness or consumer protection. As a result,…
In 2018, California enacted the California Consumer Privacy Act (“CCPA”), the first state-level “omnibus” privacy law, which imposes broad obligations on businesses to provide state residents with transparency and control of their personal data. This year, Maine and Nevada have followed suit and passed legislation focused on consumer privacy, and…
On January 25, 2017, the U.S. President signed an Executive Order on “Enhancing Public Safety in the Interior of the United States” containing rules for government privacy policies pertaining to foreigners. This caused concerns in Europe, but should not affect the EU-U.S. Privacy Shield.
On January 11, 2017, the US and Swiss authorities announced their agreement on a new cross-border data transfer framework, the Swiss-US Privacy Shield Framework, to allow US companies to meet the requirements for transfers of personal data from Switzerland to the US.
As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield to the U.S. Department of Commerce
The Working Party of European Union Data Protection Authorities identified concerns with the Privacy Shield, and recommended clarifications and improvements to the text.
On February 29, 2016, the European Commission published a draft adequacy decision and related documents that are intended to implement the EU-U.S. Privacy Shield.