The sky has not fallen. The Internet has not stopped working. The multi-million euro fines have not happened (yet). It was always going to be this way. A year has gone by since the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) became effective and the digital economy is still going and growing. The effect of the GDPR has been noticeable, but in a subtle sort of way. However, it would be hugely mistaken to think that the GDPR was just a fad or a failed attempt at helping privacy and data protection survive the 21st century. The true effect of the GDPR has yet to be felt as the work to overcome its regulatory challenges has barely begun. So what are the important areas of focus to achieve GDPR compliance?
The application of the California Consumer Protection Act of 2018 (“CCPA”) to employee data has been the subject of much debate since the first version of the bill was introduced on June 21, 2018 (just days prior to its enactment on June 28). Under a plain language reading of the CCPA, the law likely applies to employee data. However, it is unclear whether the California legislature intended that result. There is no clarity to be found in the general statutory structure, the legislative history, legislative responses to advocate letters, or the technical amendments signed into law on September 23. As part of our ongoing series on the CCPA, this post lays out why the issue of CCPA applicability to employees is controversial and nevertheless offers potential strategies to address CCPA compliance requirements as they may relate to personnel records.
Recently, the Russian Data Privacy Authority, Roskomnadzor, organized an Open Doors Day in honor of the International Data Privacy Day. During the occasion, Roskomnadzor officers presented on the authority’s 2017 enforcement activities. They followed this presentation with an open question and answer period, during which they responded to numerous questions raised by attendees. This post summarizes the key takeaways.