Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.”
In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed:
- • What triggered the new law?
- • What data is covered?
- • What does CCPA require, and how do you start operationalizing the requirements?
- • Disclosure requirements
- • Opt-out and opt-in requirements
- • Data access, portability, and “right to delete” requirements
- • What’s the impact on your GDPR compliance program-what additional steps do you need to take now?
- • How will the CCPA be enforced?
To access a copy of the slide deck, click here.
To access the recorded webinar, click here.
Stay tuned to the blog for future updates on this groundbreaking new law that some are calling the U.S. equivalent of the EU GDPR.
On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR). Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them.
Please join members of the Hogan Lovells global privacy team to arm yourself first-hand with insights about:
- What triggered the new law?
- What data is covered?
- What does the CCPA require, and how do you start operationalizing the requirements?
- Disclosure requirements
- Opt-out and opt-in requirements
- Data access, portability, and “right to delete” requirements
- What’s the impact on your GDPR compliance program – what additional steps do you need to take now?
- How will the CCPA be enforced?
With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top business priority in our uber-digitised world. The coming of age of cloud-based services, the continuous advance of mobile communications and the push by developed and developing countries to reach a global market have made international data transfers more essential than ever. At the same time, the level of regulation affecting those transfers is becoming more impenetrable and politically charged.
Against this background, what are the issues that need to be taken into account to develop a solid global data flows legal strategy? Eduardo Ustaran examines the future of international data transfers in this article for Privacy & Data Protection Journal.
Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are getting escalated to decision makers who had never been involved in the technically complex and largely misunderstood world of cookies. The tension is rising and yet, no approach has emerged as the preferred one among all involved. So everyone is getting anxious to find a way to do what they have always done and comply with the law. Is this panic justified?
Please join us for our July 2018 Privacy and Cybersecurity Events.
|Student Privacy Bootcamp
|Bret Cohen will discuss the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA) at the Future of Privacy Forum (FPF) and the School Superintendents Association (AASA) Student Privacy Boot Camp.
This training program will feature detailed legal and policy presentations to help superintendents understand regulatory requirements as well as the best practices to properly handle student educational data.
|Location: Washington, D.C.
|Ransomware: Should You Pay?
| Nathan Salminen will be a panelist at the Hogan Lovells event, “Ransomware: Should You Pay?” where he will explore the major debate on whether victims should pay the ransom for a cyber attack or not.
|Location: Washington, D.C.
California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that collect personal information about California consumers and aims to create significant new consumer privacy rights. In doing so, it creates significant new obligations for businesses.
2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific (APAC) region were over the course of the year.
Much of the focus internationally was on preparations for the May, 2018 implementation of the European Union’s General Data Protection Regulation (GDPR). However, the APAC region was noteworthy in particular for China’s introduction of its Cyber Security Law, for a noticeable region-wide trend towards tighter, more strictly enforced regulation and for concrete efforts towards greater inter-operability of national data protection regimes.
With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. Businesses operating in Europe or targeting European customers now need to comply with the new regime. At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics and the immense value of personal information. From determining when European law applies to devising a workable cooperation strategy with national regulators, there are many intricate novelties to understand and address.
We have updated our guide “Future-proofing privacy,” which aims to be a useful starting point for organisations seeking to understand the GDPR and comply with it. Twenty-four authors from 10 European Hogan Lovells offices have contributed their knowledge, efforts, and advice to compile a unique resource of practical guidance. We have identified the key issues and explained why they matter. Crucially, we have approached the new framework with a practical mindset, providing concrete suggestions for actions to take now.
For Hogan Lovells’ Future-Proofing Privacy: A guide to complying with the EU Data Protection Regulation, click here.
In a landmark 5-4 decision, the United States Supreme Court held that the government conducts a search under the Fourth Amendment and therefore, absent exigent circumstances, needs a warrant supported by probable cause when obtaining cell-site location information (CSLI) (i.e., records of the cell towers to which mobile devices connect). The majority reached that conclusion based on the determination that such location records are subject to a reasonable expectation of privacy that continues to apply even though the location records are disclosed to the cell phone user’s wireless carrier, a third party.
On June 22, California lawmakers announced Assembly Bill 375, a broad-based consumer privacy bill that is intended to serve as an alternative to the California Consumer Privacy Act (CCPA), a far-reaching consumer privacy initiative that is on track to be on the California ballot this November. The chief sponsor of the CCPA, Alastair Mactaggart, has stated that he will withdraw the initiative from the ballot if AB 375 is passed this week.