PH Privacy

European Commission Releases Draft Article 28 SCCs
The European Commission recently released the draft standard contractual clauses between controllers and processors in the European Economic Area - i.e., draft data processing provisions in line with Article 28 of the GDPR (the “Draft Art. 28 SCCs”) which are open for consultation until early December.
European Commission Releases Draft SCCs for Consultation
The European Commission has, today, published its draft Implementing Decision on standard contractual clauses for the transfer of personal data to third countries (the “Draft SCCs”) which will be open for feedback until 10 December 2020.
European Data Protection Supervisor Announces Strategy for EU Institutions’ Compliance with Schrems II
On 29 October 2020, the European Data Protection Supervisor (“EDPS”) issued its “Strategy for Union institutions, offices, bodies and agencies to comply with the ‘Schrems II’ Ruling” (the “Strategy”). The aim of the Strategy is to monitor and ensure the compliance of EU Institutions, bodies, offices and agencies (“EUIs”) with the Schrems II decision. It is important to note therefore that this Strategy does not apply to corporate organisations, or non-EU institutions, but it does provide a useful insight for all organisations as to the views of the EDPS with respect to international transfers of personal data. The question is, how far will EU data protection authorities follow suit? Will they take a similarly strict stance towards international transfers as discussed below?
The California Privacy Rights Act (CPRA) Has Been Enacted into Law
Even as companies are still bringing their practices into compliance with the California Consumer Privacy Act (the “CCPA”) and its associated regulations (which are currently under further amendment), Tuesday’s election results will require companies to revisit their data collection and privacy practices to an even greater degree.
New Guidance is Published by the UK ICO on the Right of Access
The UK Information Commissioner’s Office (ICO) has recently published new guidance on the right of access under the GDPR (Article 15). The right of access gives individuals the right to request and obtain a copy of their personal data, as well as other supplementary information, and helps individuals understand how and why organisations are using their data.
Recent CFAA Decision Deepens Circuit Split; SCOTUS Resolution on the Horizon
Last month, the Sixth Circuit ruled that the Computer Fraud and Abuse Act (“CFAA”) does not apply to employees who misuse company data that they were authorized to obtain. The decision, Royal Truck & Trailer Sales v. Mike Kraft et al., deepens a decade-long circuit split over whether the CFAA applies to employees who violate company policies, but the Supreme Court may be set to resolve the split this term.
California DOJ Announces a Third Set of Proposed Modifications to the CCPA Regulations
The California Department of Justice (“DOJ”) announced this week a third set of proposed modifications to the California Consumer Privacy Act (“CCPA”) regulations last updated in August 2020.
January 1, 2022, Extension of CCPA’s HR and B2B Carve-Outs Signed into Law
On September 29, 2020, California Governor Gavin Newsom signed into law AB-1281, extending to January 1, 2022, the California Consumer Privacy Act of 2018 (“CCPA”) business-to-business (B2B) and employment-related communications carve-outs.
How Are Governments Reacting to the Invalidation of Privacy Shield?
Since the decision by the Court of Justice of the European Union (“CJEU”) to invalidate Privacy Shield and opine on the use of Standard Contractual Clauses ("SCCs"), we have been compiling and maintaining a list of the responses and reactions published by both data protection authorities across the EU and other regulators globally.
CCPA’s HR and B2B Carve-Outs Extended Until January 1, 2022
On August 31, 2020, the California legislature passed AB-1281, which extends the California Consumer Privacy Act’s human resources (employee/job applicant) and B2B communications carve-outs until January 1, 2022. Those two exclusions from the CCPA currently are set to expire in January 2021. The bill awaits the Governor’s signature.