Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.
The report specifically focuses on language in the CLOUD Act that allows U.S. law enforcement agencies, under certain circumstances, to lawfully demand data stored in foreign countries from entities subject to U.S. jurisdiction. The report addresses concerns that this language in the CLOUD Act gives the U.S. government new powers to surveil and monitor the data of non-U.S. citizens or businesses using a cloud services provider with operations in the United States. The report concludes that such fears are overstated.
On 14 August 2018 Brazil approved its new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) – a comprehensive law that closely mirrors the European Union’s General Data Privacy Regulation (“GDPR”). Although the LGPD significantly expands Brazil’s data protection framework and places the country among one of the few jurisdictions to provide similar data privacy protections as those offered in the European Union, the new law did not create a data protection authority.
The California Attorney General Xavier Becerra and the California Department of Justice will hold six public forums about the California Consumer Privacy Act (CCPA) that are open to all members of the public.
These public forums are being held pursuant to Section 1798.185 of the CCPA, which requires the Attorney General to “solicit broad public participation and adopt regulations to further the purposes” of the CCPA, including, but not limited to, the following areas: Continue Reading
We are pleased to announce the election of our new 2019 Hogan Lovells data protection partners and this expansion of our market-leading global Privacy and Cybersecurity practice. Congratulations to these talented lawyers helping to build and grow this emerging area of law: Continue Reading
The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection Regulation (“GDPR”) implemented in the European Union, the LGPD imposes strict regulations on the collection, use, processing, and storage of electronic and physical personal data. In conjunction with the passing of the LGPD, the National Data Protection Authority will be created in order to adequately implement the new legislation. Continue Reading
Hogan Lovells partner Bret Cohen recently participated in the webinar “HR Data Privacy – Protecting Privacy in Global Diversity and Inclusion Initiatives,” hosted by BrightTALK. In this webinar, Bret and Jackie Wilkosz of Aleada Consulting discussed issues that arise at the intersection of global privacy laws and diversity and inclusion initiatives.
Many companies have initiatives or programs designed to enhance the diversity and inclusiveness of their workforce or applicant pools. To implement and evaluate the success of these programs, companies often must collect, use, and store personal information about their employees and applicants, such as race, gender, and ethnicity. In some jurisdictions, these types of personal information may be subject to special requirements and restrictions. For example, in countries across the EU, there are restrictions on the use of “sensitive” or “special categories” of personal information, which include race, disability, and sexual orientation.
The webinar explores the ethical and privacy implications of corporate diversity and inclusion programs, with a focus on GDPR restrictions and requirements. It also discusses best practice solutions that can help companies protect individual privacy interests while still advancing a global diversity and inclusion agenda.
To read a copy of the slide deck, click here.
To watch a recording of the webinar, click here.
The Department of Health and Human Services (HHS) announced a Request for Information (RFI) regarding how the HIPAA Privacy, Security, and Breach Notification Rules could be modified to reduce regulatory burdens and to improve care coordination, case management, and value-based health care.
In addition to opening the door for public comments on current challenges and potential modifications to the HIPAA Rules, the RFI specifically requests feedback on anticipated changes to several specific provisions of the Privacy Rule including: Continue Reading
Amid the constitutional and political uncertainties surrounding the Brexit process, the UK Government has provided welcome assurance on the data protection front. Guidance issued by the Department for Digital, Culture, Media & Sport (DCMS) confirms how UK data protection law will work in the event the UK leaves the EU without a deal. Whilst the Government still regards a No Deal Brexit as “unlikely”, given the extremely severe implications of that scenario for transfers of personal data into and out of the UK, the DCMS confirmation is hugely helpful in terms of the preparations needed for that eventuality. Continue Reading
This is the tenth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
One of the most controversial elements of the California Consumer Privacy Act (“CCPA”) is the establishment of an “anti-discrimination” right – businesses may not “discriminate” against consumers for exercising certain rights under the CCPA, and they will need to assess whether and how they can require consumers to accept certain data practices as a condition of service. Compliance would be challenging even if the provision were articulated clearly, but as we have discussed in this blog series, the accelerated drafting process and passage of the CCPA earlier this year left little time for public comment and responsive amendments. As a result, the law includes a series of ambiguities that complicate compliance, and nowhere is that more apparent than in the anti-discrimination provision.
This entry in Hogan Lovells’ ongoing series on the CCPA focuses on the law’s anti-discrimination clause, its ambiguities and potentially contradictory provisions, and impact on businesses. Continue Reading
On December 4, 2018, the New York Attorney General (NYAG) announced that Oath Inc., which was known until June 2017 as AOL Inc. (AOL), has agreed to pay a $4.95 million civil penalty to settle allegations that AOL’s ad exchange practices violated the Children’s Online Privacy Protection Act (COPPA). The $4.95 million penalty is the largest ever assessed by any regulator in a COPPA enforcement matter. Continue Reading