Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Now Available: California Consumer Privacy Act: What you need to know now webinar recording and slides

Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.”

In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed:

    • • What triggered the new law?
    • • What data is covered?
    • • What does CCPA require, and how do you start operationalizing the requirements?
    • • Disclosure requirements
    • • Opt-out and opt-in requirements
    • • Data access, portability, and “right to delete” requirements
  • • What’s the impact on your GDPR compliance program-what additional steps do you need to take now?
  • • How will the CCPA be enforced?

To access a copy of the slide deck, click here.

To access the recorded webinar, click here.

Stay tuned to the blog for future updates on this groundbreaking new law that some are calling the U.S. equivalent of the EU GDPR.

Posted in News & Events

Webinar Invitation — California Consumer Privacy Act: What You Need to Know Now

On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR).  Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them.

Please join members of the Hogan Lovells global privacy team to arm yourself first-hand with insights about:

  • What triggered the new law?
  • What data is covered?
  • What does the CCPA require, and how do you start operationalizing the requirements?
    • Disclosure requirements
    • Opt-out and opt-in requirements
    • Data access, portability, and “right to delete” requirements
  • What’s the impact on your GDPR compliance program – what additional steps do you need to take now?
  • How will the CCPA be enforced?

Continue Reading

Posted in International/EU Privacy

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top business priority in our uber-digitised world. The coming of age of cloud-based services, the continuous advance of mobile communications and the push by developed and developing countries to reach a global market have made international data transfers more essential than ever. At the same time, the level of regulation affecting those transfers is becoming more impenetrable and politically charged.

Against this background, what are the issues that need to be taken into account to develop a solid global data flows legal strategy? Eduardo Ustaran examines the future of international data transfers in this article for Privacy & Data Protection Journal.

Posted in International/EU Privacy

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are getting escalated to decision makers who had never been involved in the technically complex and largely misunderstood world of cookies. The tension is rising and yet, no approach has emerged as the preferred one among all involved. So everyone is getting anxious to find a way to do what they have always done and comply with the law. Is this panic justified?

Continue Reading

Posted in News & Events

Privacy and Cybersecurity July 2018 Events

Please join us for our July 2018 Privacy and Cybersecurity Events.

July 9
Student Privacy Bootcamp
Bret Cohen will discuss the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA) at the Future of Privacy Forum (FPF) and the School Superintendents Association (AASA) Student Privacy Boot Camp.

This training program will feature detailed legal and policy presentations to help superintendents understand regulatory requirements as well as the best practices to properly handle student educational data.

Location: Washington, D.C.

 

July 12
Ransomware: Should You Pay?
 Nathan Salminen will be a panelist at the Hogan Lovells event, “Ransomware: Should You Pay?” where he will explore the major debate on whether victims should pay the ransom for a cyber attack or not.
Location: Washington, D.C.

 

Posted in Consumer Privacy

California Enacts Sweeping New Comprehensive Privacy Legislation

California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that collect personal information about California consumers and aims to create significant new consumer privacy rights. In doing so, it creates significant new obligations for businesses.

Continue Reading

Posted in International/EU Privacy

Asia Pacific Data Protection and Cybersecurity Regulation: 2017 in Review and Looking Ahead to 2018

2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific (APAC) region were over the course of the year.

Much of the focus internationally was on preparations for the May, 2018 implementation of the European Union’s General Data Protection Regulation (GDPR). However, the APAC region was noteworthy in particular for China’s introduction of its Cyber Security Law, for a noticeable region-wide trend towards tighter, more strictly enforced regulation and for concrete efforts towards greater inter-operability of national data protection regimes.

Continue Reading

Posted in International/EU Privacy

Hogan Lovells Updates Practical GDPR Guide

With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. Businesses operating in Europe or targeting European customers now need to comply with the new regime. At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics and the immense value of personal information. From determining when European law applies to devising a workable cooperation strategy with national regulators, there are many intricate novelties to understand and address.

We have updated our guide “Future-proofing privacy,” which aims to be a useful starting point for organisations seeking to understand the GDPR and comply with it. Twenty-four authors from 10 European Hogan Lovells offices have contributed their knowledge, efforts, and advice to compile a unique resource of practical guidance. We have identified the key issues and explained why they matter. Crucially, we have approached the new framework with a practical mindset, providing concrete suggestions for actions to take now.

For Hogan Lovells’ Future-Proofing Privacy: A guide to complying with the EU Data Protection Regulation, click here.

Posted in Consumer Privacy, Privacy & Security Litigation

U.S. Supreme Court Holds that Historical Cell Site Location Data Is Subject to a Reasonable Expectation of Privacy

In a landmark 5-4 decision, the United States Supreme Court held that the government conducts a search under the Fourth Amendment and therefore, absent exigent circumstances, needs a warrant supported by probable cause when obtaining cell-site location information (CSLI) (i.e., records of the cell towers to which mobile devices connect). The majority reached that conclusion based on the determination that such location records are subject to a reasonable expectation of privacy that continues to apply even though the location records are disclosed to the cell phone user’s wireless carrier, a third party.

Continue Reading

Posted in Consumer Privacy

California Consumer Privacy Bill Fast-Tracked to Replace November Ballot Initiative

On June 22, California lawmakers announced Assembly Bill 375, a broad-based consumer privacy bill that is intended to serve as an alternative to the California Consumer Privacy Act (CCPA), a far-reaching consumer privacy initiative that is on track to be on the California ballot this November. The chief sponsor of the CCPA, Alastair Mactaggart, has stated that he will withdraw the initiative from the ballot if AB 375 is passed this week.

Continue Reading