In August 2018, Brazil took a significant step by passing comprehensive data protection legislation: the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – Law No. 13,709/2018, as amended) (LGPD). The substantive part of the legislation takes effect August 16, 2020, leaving fewer than six short months for companies to prepare.

With the backdrop of an apricot-coral sunset from high above San Francisco Bay, Greenberg Traurig was pleased to welcome leaders from the United Kingdom’s Information Commissioner’s Office (ICO), as part of an IAPP S.F. Bay Area Knowledgenet held at the law firm on February 11.

The U.K.’s Information Commissioner, Elizabeth Denham, and ICO Executive Director,

On January 8, 2020, the “Virginia Privacy Act” (HB 473), was introduced for consideration to the General Assembly of Virginia. The proposed legislation includes notice requirements similar to the California Consumer Privacy Act’s (CCPA), provides consumers with rights similar to those under the EU’s General Data Protection Regulation (GDPR), and unlike either

At the end of October 2019, the Berlin Commissioner for Data Protection and Freedom of Information imposed a fine of about EUR 14.5 million against a German residential real estate company for various violations of the EU General Data Protection Regulation (GDPR). The fine is not yet legally binding but, reportedly, has been appealed. However,

On Nov. 22, 2019, the representatives of the EU member states rejected the Finnish Presidency’s proposed text for the ePrivacy Regulation, making the future of ePrivacy Regulation uncertain. The ePrivacy Regulation, which if adopted would be binding across all EU member states, will govern direct electronic marketing messages, cookies, and similar tracking technologies. The ePrivacy

On Nov. 5, California Congresswomen Anna G. Eshoo and Zoe Lofgren introduced the Online Privacy Act of 2019, H.R. 4978, to balance the actual needs of businesses with users’ fair privacy rights and expectations. The proposed privacy bill seeks for the United States to adopt many of the requirements of the California Consumer Privacy Act (CCPA), which is effective Jan. 1, 2020, and that exist under the EU’s General Data Protection Regulation (GDPR). Below is a brief summary of the main components of the Act. A copy of the Online Privacy Act can be found here, and a section-by-section analysis by the Congresswomen can be viewed here.
Continue Reading

On Sept. 24, 2019, the Court of Justice of the European Union (CJEU) decided that the “right to be forgotten” does not require a search engine operator to carry out de-referencing on non-EU member state versions of its search engine.

Background

The case relates to a penalty of €100,000 that the French data protection authority,

On July 29, 2019, the Court of Justice of the European Union (CJEUfound that a website operator using a social media plugin is a joint controller with the social media company providing the plugin and can be held jointly liable in relation to such processing activities. Although the case was decided under

It has been over a year since the General Data Protection Regulation (GDPR) came into force – and it did so with great fanfare. The GDPR had the effect of overhauling how personal data is dealt with across Europe, introducing the ‘gold standard’ of protection for the rights and freedoms of EU data subjects. At

While many are still digesting the changes brought about by the EU General Data Protection Regulation (GDPR), a new privacy regulation is already on its way. The Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications – in short, the ePrivacy Regulation  – is currently a