GDPR

Subscribe to GDPR

2023 has seen a flurry of general state privacy laws, with twelve (12) such laws now on the books.  The next one to “go live,” on December 31, 2023, is the Utah Consumer Privacy Act (UCPA).  With no general federal privacy law in sight, the state privacy landscape continues to get more crowded and challenging

As consumer demand for new artificial intelligence (“AI”) tools continues to grow, businesses must be prepared to build tools with “privacy by design” principles in mind, and to remain educated about privacy best practices and risk mitigation strategies when working with AI. The following areas provide the greatest opportunities to manage data privacy risks and

If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect your own pocketbook.  As governments across the globe continue to enact and enforce data privacy, data protection, and cybersecurity laws, data becomes more readily available, and the volume of incidents

It’s a great time to be a privacy attorney.  On October 17, 2022, the California Privacy Protection Agency (CPPA) released the next draft of the regulations under the California Privacy Rights Act of 2020 (CPRA) as well as a document explaining the proposed modifications.  Two days of public hearings were recently held on October 21-22

The Internet Society’s Online Trust Alliance (OTA) released a report this week that measured 1200 U.S.-based organizations’ readiness for three major global privacy regulations: the General Data Protection Regulation (GDPR) in the European Union,  the California Consumer Privacy Act (CCPA) in the United States that goes into effect January 1, 2020, and the Personal Information

According to a recent Genpact study:

  • Nearly two-thirds of consumers (63%) are worried that Artificial Intelligence is going to make decisions that will impact their lives without their knowledge
  • Less than one-third (30%) are at least “fairly comfortable” with the idea of companies using AI to access their personal data
  • Almost three-quarters (71%) say

The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

CNIL created a PIA Infography to outline the main principles. Keep

The Article 29 Working Party published two Guidelines related to GDPR:

Guidelines on Personal data breach notification under Regulation 2016/679, wp250

Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251

The Guidelines are open for comments until November, 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.

About the Global Privacy & Security Blog

Learn More

Contracts, laws and regulations require privacy compliance, and good business practices demand it. This blog is designed to inform our clients and readers about developing privacy issues and regulatory updates, and provide alerts on cyber security stories and data breaches that impact various data privacy and security requirements.