Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Hogan Lovells publishes Demystifying the U.S. CLOUD Act

Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.

Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura. Continue Reading

Posted in International/EU Privacy

Brazil Creates a Data Protection Authority

On 14 August 2018 Brazil approved its new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) – a comprehensive law that closely mirrors the European Union’s General Data Privacy Regulation (“GDPR”). Although the LGPD significantly expands Brazil’s data protection framework and places the country among one of the few jurisdictions to provide similar data privacy protections as those offered in the European Union, the new law did not create a data protection authority.

Continue Reading

Posted in Consumer Privacy

California Department of Justice to Hold Six Public Forums on the CCPA

The California Attorney General Xavier Becerra and the California Department of Justice will hold six public forums about the California Consumer Privacy Act (CCPA) that are open to all members of the public.

These public forums are being held pursuant to Section 1798.185 of the CCPA, which requires the Attorney General to “solicit broad public participation and adopt regulations to further the purposes” of the CCPA, including, but not limited to, the following areas: Continue Reading

Posted in International/EU Privacy

Are You Ready for Brazil’s New Data Protection Law?

The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection Regulation (“GDPR”) implemented in the European Union, the LGPD imposes strict regulations on the collection, use, processing, and storage of electronic and physical personal data. In conjunction with the passing of the LGPD, the National Data Protection Authority will be created in order to adequately implement the new legislation. Continue Reading

Posted in Employment Privacy

Data Privacy Considerations for Diversity and Inclusion Initiatives

Hogan Lovells partner Bret Cohen recently participated in the webinar “HR Data Privacy – Protecting Privacy in Global Diversity and Inclusion Initiatives,” hosted by BrightTALK. In this webinar, Bret and Jackie Wilkosz of Aleada Consulting discussed issues that arise at the intersection of global privacy laws and diversity and inclusion initiatives.

Many companies have initiatives or programs designed to enhance the diversity and inclusiveness of their workforce or applicant pools. To implement and evaluate the success of these programs, companies often must collect, use, and store personal information about their employees and applicants, such as race, gender, and ethnicity. In some jurisdictions, these types of personal information may be subject to special requirements and restrictions. For example, in countries across the EU, there are restrictions on the use of “sensitive” or “special categories” of personal information, which include race, disability, and sexual orientation.

The webinar explores the ethical and privacy implications of corporate diversity and inclusion programs, with a focus on GDPR restrictions and requirements. It also discusses best practice solutions that can help companies protect individual privacy interests while still advancing a global diversity and inclusion agenda.

To read a copy of the slide deck, click here.

To watch a recording of the webinar, click here.

Posted in Health Privacy/HIPAA

HHS Seeking Input on HIPAA Changes

The Department of Health and Human Services (HHS) announced a Request for Information (RFI) regarding how the HIPAA Privacy, Security, and Breach Notification Rules could be modified to reduce regulatory burdens and to improve care coordination, case management, and value-based health care.

In addition to opening the door for public comments on current challenges and potential modifications to the HIPAA Rules, the RFI specifically requests feedback on anticipated changes to several specific provisions of the Privacy Rule including: Continue Reading

Posted in International/EU Privacy

UK Government Aims for Data Protection Continuity Despite No Deal Brexit Prospect

Amid the constitutional and political uncertainties surrounding the Brexit process, the UK Government has provided welcome assurance on the data protection front. Guidance issued by the Department for Digital, Culture, Media & Sport (DCMS) confirms how UK data protection law will work in the event the UK leaves the EU without a deal. Whilst the Government still regards a No Deal Brexit as “unlikely”, given the extremely severe implications of that scenario for transfers of personal data into and out of the UK, the DCMS confirmation is hugely helpful in terms of the preparations needed for that eventuality. Continue Reading

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s Anti-Discrimination Clause

This is the tenth installment in Hogan Lovells’ series on the California Consumer Privacy Act.

One of the most controversial elements of the California Consumer Privacy Act (“CCPA”) is the establishment of an “anti-discrimination” right – businesses may not “discriminate” against consumers for exercising certain rights under the CCPA, and they will need to assess whether and how they can require consumers to accept certain data practices as a condition of service.  Compliance would be challenging even if the provision were articulated clearly, but as we have discussed in this blog series, the accelerated drafting process and passage of the CCPA earlier this year left little time for public comment and responsive amendments.  As a result, the law includes a series of ambiguities that complicate compliance, and nowhere is that more apparent than in the anti-discrimination provision.

This entry in Hogan Lovells’ ongoing series on the CCPA focuses on the law’s anti-discrimination clause, its ambiguities and potentially contradictory provisions, and impact on businesses. Continue Reading

Posted in Consumer Privacy

Digital Media Company Agrees to $4.95 Million COPPA Penalty in Settlement with NYAG

On December 4, 2018, the New York Attorney General (NYAG) announced that Oath Inc., which was known until June 2017 as AOL Inc. (AOL), has agreed to pay a $4.95 million civil penalty to settle allegations that AOL’s ad exchange practices violated the Children’s Online Privacy Protection Act (COPPA). The $4.95 million penalty is the largest ever assessed by any regulator in a COPPA enforcement matter. Continue Reading