1. EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
  2. Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
  3. Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking

No.

The European GDPR does not use the term “service provider” and, instead, refers to “processors.” While processors within the GDPR are defined in a similar manner to service providers under the CCPA, the GDPR is far more proscriptive regarding the contractual terms that must be present in a processor agreement. Specifically, the GDPR requires

We have a deal! After several months of negotiations, on 24 December 2020, the EU and the UK announced that they have finally agreed on an agreement regulating trade and cooperation between the UK and the remaining 27 member states after 31 December 2020 (Trade Agreement). From a data protection perspective, this is welcome news

Maybe.

“Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to replace the credit card number).[1] In some instances, tokens are created through the use of algorithms, such as hashing

The regulations implementing the CCPA require that “[e]very business . . . shall provide a privacy policy in accordance with the CCPA and the [regulations].”1 The regulations clarify that a business meets its obligation to “provide” a privacy policy by posting the policy online or, if it does not operate a website, “mak[ing] the

The UK is nearing the end of its Brexit transition period (the Transition Period), which expires Dec. 31, 2020. Although the UK has not been a party to the European Economic Area (EEA) agreement since the passage of Brexit, it has been treated as an EEA member during the Transition Period. Because of this status,

A joint controller is defined within the GDPR as “two or more controllers” that “jointly determine the purposes and means of processing.”[1]

There is considerable ambiguity surrounding what it means to “jointly determine” the purpose and means of processing. Legal professional organizations in some countries have indicated that barristers and solicitors rarely function as

A joint controller is defined within the GDPR as “two or more controllers” that “jointly determine the purposes and means of processing.”[1]

There is considerable ambiguity surrounding what it means to “jointly determine” the purpose and means of processing. While regulatory authorities have not offered guidance as to whether the term does, or does

On Nov. 17, 2020, the Canadian government introduced the Digital Charter Implementation Act, 2020 (DCIA, or Bill C-11), a much-anticipated bill aimed at overhauling the country’s comprehensive private sector data privacy legal regime. As introduced by Minister of Innovation, Science and Economic Development Navdeep Bains, the DCIA would establish a new privacy law