privacy laws

Subscribe to privacy laws

As you consider the end of the year and beginning of a new year, we in Taft’s Privacy and Data Security Practice thought to provide you with a simple list of data protection resolutions you might consider, both professionally and personally.

1.  Get strong!  Now is a good time to make a change in passwords for your accounts, and specifically make them strong passwords (i.e. ten characters or more, including an upper and lower case letter, number, and

Continue Reading 2023 Privacy and Data Security Resolutions

U.S. privacy law is based on the principles of notice and consent – for instance, under FTC and state consumer protection laws, consumers given fair notice and the opportunity to consent generally cannot complain about the use of their data.

But as we have noted in prior posts, the E.U.’s General Data Protection Regulation (“GDPR”), which will become effective May 25 of this year, is more comprehensive than any U.S. privacy law in most respects. It treats personal data (defined broadly) as belonging to the person identified by the data, or “data subject.” The company collecting the data has a limited license to use that data in legitimate ways – as described in one article, a company can only use the data in ways that “wouldn’t surprise them or make them uncomfortable.”

It is unsurprising, then, that under the GDPR, the specific concepts of fair notice and consent are also more robust than in the U.S. This post will give an overview of the notice requirements under the GDPR, and a future post will explore the consent requirements.

Continue Reading What’s in a notice? Privacy notices under the GDPR