On Wednesday, April 21 at 1:00 p.m. EST, join GT Shareholder David A. Zetoony, co-chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, for a Federal Bar Association webinar on “AdTech, Cookies, Wiretapping, and Banners: The impact of changing laws and changing technology on the world of cookies.”

The program will provide the

The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys. Most American dictionaries do not recognize either term.1 While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not

The CCPA includes a non-exhaustive list of data types that may fall under the definition of personal information. One of those data types is “biometric information.”1

While the CCPA provides a definition of “biometric information,” it is worth noting that the CCPA’s definition differs from the definition of the term in other statutes and

After more than four years of negotiations, the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), which will replace the ePrivacy Directive (2002/58/EC), appears to be at a turning point. On Feb. 10, 2021, the Council of the European Union announced it has adopted a consolidated version (the “Council’s Position”) which will be the basis

Maybe.

“Hashing” refers to the process of using an algorithm to transform data of any size into a unique fixed-sized output (e.g., combination of numbers and letters). To put it in layman’s terms, some piece of information (e.g., a name) is run through an equation that creates a unique string of characters. Anytime the exact

On March 10, 2021, Rep. Suzan DelBene (D-Wash.) introduced the first comprehensive consumer privacy bill of the 117th Congress. The Information Transparency and Personal Data Control Act is designed to “establish a uniform set of rights for consumers and create one set of rules for businesses to operate in,” according to a press release from

The CPRA amended the CCPA’s definition of a service provider such that, beginning Jan. 1, 2023, a service provider could include any person (not just a legal entity), and a service provider could be a business that receives personal information “on behalf of” another business. The CPRA also added the requirement that written contracts contain

Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a common

The California Online Privacy Protection Act (CalOPPA) requires operators of some commercial websites to disclose whether they respond to “Web browser ‘do not track’ signals or other mechanisms that provide consumer the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web