As the Jan. 1, 2020 operational date for the California Consumer Privacy Act (“CCPA”) approaches, the balance between consumer rights and company responsibility continues to be vigorously debated. As this blog predicted when we discussed the first set of amendments to the CCPA, negotiations and amendments to the CCPA continue. We review the most recent Feb. 22, 2019 consumer friendly amendment now—Senate Bill 561 (“SB 561”).… Read More
The Background of the Law
Of late, the U.S. private sector has been abuzz with the European Union’s new General Data Protection Regulations and the implementation of the same. However, savvy companies cannot forget that state legislatures have been for some time enacting statutes aimed at protecting its residents in how businesses use and disseminate their personal information. In 2008, Illinois became one of the first states to be mindful of the uniqueness of biometrics with the passage of the … Read More
Rebekah Mackey, Taft summer associate, contributed to this article.
Just months after the European Union’s General Data Protection Regulation, or “GDPR” changed the landscape of data privacy around the globe, California reaffirmed its position as the United States pioneer of consumer-friendly data privacy protections with the state legislature’s passage of Assembly Bill No. 375.
As we assist clients with preparing for GDPR compliance before and after this Friday’s effective date, I thought to share some quick thoughts on the law and what we are seeing here at Taft.
- “GDPR Compliant.” Be wary of companies making such claims and don’t make such claims, yourselves. As with HIPAA, there is no such thing as a stamp of “compliance” approval. And, like bragging about your information security, warranting that you are “compliant” is just asking for that
U.S. privacy law is based on the principles of notice and consent – for instance, under FTC and state consumer protection laws, consumers given fair notice and the opportunity to consent generally cannot complain about the use of their data.
But as we have noted in prior posts, the E.U.’s General Data Protection Regulation (“GDPR”), which will become effective May 25 of this year, is more comprehensive than any U.S. privacy law in most respects. It treats personal data (defined … Read More
As you put together your resolutions and plans for the new business year, it is important to remember that the European Union’s (“E.U.”) General Data Protection Regulation (“GDPR”) will go into effect on May 25, 2018. The impact that it could have on U.S. companies will depend on whether a company processes the personal data of E.U. citizens (note: the definition of “personal data” under the GDPR is quite broad). If you think this doesn’t apply to your company, think … Read More
This is part two of a multi-part look into the European Union’s General Data Protection Regulation (GDPR) and why U.S. companies need to be aware of the law and how it may impact their business. We will conclude the series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series. In this second part of our series, we think it is … Read More
This is part one of a multi-part look into the EU’s General Data Protection Regulation (GDPR) and why U.S. companies need to concern themselves with an EU law, the difference from U.S. regulations and the different mechanisms available to comply. We will conclude this series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series.
The GDPR is a new privacy … Read More