Two bills dealing with processing COVID-19 data in California were referred to the Senate Appropriations Committee.

Assembly Bill 660 prohibits data collected, received or prepared for purposes of contact tracing from being used or disclosed for any purpose other than facilitating contact tracing efforts. It also requires the data collected to be deleted within 60

Italian Data protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:

(i)  stop processing personal data for marketing purposes if granular consent for the marketing/mailing was not acquired;

(ii) not start processing personal data for marketing purposes in future without obtaining such

“Whenever we make a call, go to work, search the web, pay with our credit card, we generate data. While de-identification might have worked in the past, it doesn’t really scale to the type of large-scale datasets being collected today.”

It turns out that ” four random points (i.e. time and location where a person

Utah legislators voted unanimously to pass landmark legislation in support of a new privacy law that will protect private electronic data stored with third parties like Google or Facebook from free-range government access.

The bill stipulates that law enforcement will be required to obtain a warrant before accessing “certain electronic information or data.” There are

Show me the money and I’ll show you my data.

“How much would you charge a marketer to use your personally identifiable information for general advertising purposes?”

About 60 percent of 2,000 U.S. adults polled in November 2018 were willing to share personal data for a price. A majority (57 percent) said it was worth

Data rights > data ownership?

That’s the position taken by Privacy International in its response to the recent editorial by artist wil.i.am in The Economist which called for tech giants to pay individuals for their data:

  • Data rights offer a system of control and protection that is much more comprehensive than ownership, and these rights

The Illinois Supreme Court’s Ruling

On January 25, 2019, the Illinois Supreme Court issued its long awaited opinion in Rosenbach v. Six Flags Entertainment Corp, ruling that the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) does not require an actual injury for a plaintiff to be considered “aggrieved” under the Act. The

The European General Data Protection Regulation (GDPR) comes into force on May 25, 2018.  This gives companies only two months to prepare for and comply with the GDPR. Companies should be conducting data mapping to identify all cross-border transfers of personal data so that they can determine the best way to comply with the GDPR

On July 20, 2015, in Remijas v. Neiman Marcus Group, LLC, No. 14-3122 (7th Cir. 2015), the Seventh Circuit held that the United States District Court for the Northern District of Illinois wrongfully dismissed a class action suit brought against Neiman Marcus after hackers stole their customers’ data and debit card information.  The District

In response to a data breach in 2014, employees of University of Pittsburgh Medical Center filed a two-count class action complaint against UPMC for (1) negligence and (2) breach of an implied contract for failing to protect their personal data. The employee plaintiffs alleged that their Social Security numbers, names, addresses, birthdates, W2 information and