A recent decision by Hungary’s Data Protection Authority (NAIH) offers a deceptively modest outcome, a €5,000 fine, but sends a much stronger signal on the evolving expectations around data minimization
Continue Reading Data Minimization Under Scrutiny: Hungarian DPA Decision Signals Risk for U.S. EmployersGDPR Processing Begins at the Data Request: What a Spanish Supreme Court Decision Signals for U.S. Privacy Compliance
Data processing begins even before the data is received. A recent ruling of the Supreme Court of Spain clarifies the scope of GDPR obligations and the implications extend to the
Continue Reading GDPR Processing Begins at the Data Request: What a Spanish Supreme Court Decision Signals for U.S. Privacy ComplianceEmployee Privacy Rights Under CCPA: CalPrivacy Calls for Comments
Among US states, California is the only one that treats employees as full “consumers,” providing them the right to an employee notice and an applicant notice and employee rights. While
Continue Reading Employee Privacy Rights Under CCPA: CalPrivacy Calls for CommentsCalifornia AG confirms cookie banners may be needed in mobile apps too.
Do you really need cookie consents to be incorporated into your mobile applications? New enforcement of the CCPA by California attorney general involving mobile game developer emphasizes the need to
Continue Reading California AG confirms cookie banners may be needed in mobile apps too.10 Million EUR Fine Demonstrates Scope of Effort Needed for DPIAs
Spanish data protection authority, AEPD, imposes 10 Million EUR fine on a company, AENA for deploying a facial recognition system without an adequate DPIA. What does this mean for companies
Continue Reading 10 Million EUR Fine Demonstrates Scope of Effort Needed for DPIAs“Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail context
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a
Continue Reading “Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail contextCPPA Issues $1.35 Million Fine: What You Need to Know
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan.
These are
Continue Reading CPPA Issues $1.35 Million Fine: What You Need to KnowWhat the CPPA Has to Say About the Delete Act and the DROP
The California Privacy Protection Agency recently published materials in advance of its upcoming discussion of the Delete Act Regulations, which regulate the centralized data broker Delete Request and Opt-out Platform
Continue Reading What the CPPA Has to Say About the Delete Act and the DROPWhat California Employers Need to Know About the Use of High-Risk Automated Decision Systems
California may soon regulate the use of high-risk automated decision systems (ADS) by California employers. The state’s legislature recently sent SB-7 to Governor Gavin Newsom.
What do you need to
Continue Reading What California Employers Need to Know About the Use of High-Risk Automated Decision SystemsTo Do: Annually Review Privacy Notices or Risk CPPA Enforcement
The annual review and update (if necessary) of privacy notices just got an upgrade to a “must do.”
This provision, found in California Consumer Privacy Act from the beginning, requires
Continue Reading To Do: Annually Review Privacy Notices or Risk CPPA Enforcement