Continue Reading Philippines Data Protection Authority: Biometric Data Is Not for Sale: Lessons for U.S. Privacy Law“Biometric data is
“Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail context
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a
Continue Reading “Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail contextHawaii Issues Guidance to State Agencies on AI
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and
Continue Reading Hawaii Issues Guidance to State Agencies on AIEmployees Are People Too — And Not Just in California
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation:
Employees are “consumers” under the California Consumer
Continue Reading Employees Are People Too — And Not Just in CaliforniaThe State of the Union: Privacy
- Platforms and other interactive digital
Revised California Privacy Rights Act Regulations Are Out: What You Need to Know.
The California Privacy Protection Agency has revised (again) the CPRA regulations.
There are several edits, including some clarifications and removals simplicity of implementation “at this time.” The regulations also double
Continue Reading Revised California Privacy Rights Act Regulations Are Out: What You Need to Know.Data Minimization: FTC Cites Company for Failing to Delete Information it no Longer Needed
Data minimization is coming to the United States.
The Federal Trade Commission cited failure to delete information which is no longer needed as a failure to implement reasonable protection.
Danish Data Protection Authority Dings Cab Company for Data Minimization Violations
GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed
Continue Reading Danish Data Protection Authority Dings Cab Company for Data Minimization Violations