In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

Maybe not. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a very common

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation.  The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation. The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies

While there is relatively little publicly available empirical data concerning website visitors’ interactions with cookie banners, the data that does exist indicates that user acceptance rates are significantly greater depending upon how many options are presented to a website visitor. For example, in one study researchers placed a cookie banner on a website that provided

Global law firm Greenberg Traurig, LLP has been identified as the top “Legal Influencer” for Q4 2020 in the field of U.S. Technology, Media and Telecommunications law by Lexology, the most comprehensive source of international legal updates, analysis and insights. Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice David A. Zetoony was also

In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –

Businesses often struggle with how to display cookie banners given the complexities of conveying information to individuals that may lack technical expertise, and “banner fatigue” – a term which describes the reality that consumers presented with pop-ups and cookie banners across different websites may not spend time to read each banner before attempting to close