No.

The European GDPR does not use the term “service provider” and, instead, refers to “processors.” While processors within the GDPR are defined in a similar manner to service providers under the CCPA, the GDPR is far more proscriptive regarding the contractual terms that must be present in a processor agreement. Specifically, the GDPR requires

Greenberg Traurig invites you to join us for an informative discussion on the recently enacted Proposition 24, the California Privacy Rights Act (CPRA), and how it builds on the compliance issues created by the California Consumer Privacy Act (CCPA).

Thursday, Jan. 14, 2021
10:00 – 10:30 a.m. MST / 12:00 – 12:30 p.m. EST

During

On December 10, 2020, the California Attorney General (AG) released the Fourth Set of Proposed Modifications to the California Consumer Protection Act (CCPA) Regulations, styled as “Modifications to Proposed Modifications.” The Fourth Set comes shortly after the comment period for the Third Set of Proposed Modifications closed on Oct. 28.  Per the AG’s Notice

Deidentified information is defined within the CCPA to mean “information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business that uses deidentified information:

  1. Has implemented technical safeguards that prohibit reidentification of the consumer to whom the information

Yes.

The CPRA adds “sensitive personal information”[1] to the examples of data types that may constitute personal information. The term “sensitive personal information” is itself defined within the CPRA to include 20 data fields. Some, but not all, of these data fields already existed in the CCPA, and their inclusion with the personal information

The CCPA requires that a service provider agree to three substantive restrictions involving the retention, use, and disclosure of personal information.  The CPRA ostensibly expands upon the three substantive contractual restrictions by referring to nine additional provisions that should be included within a service provider agreement.  The following chart compares the substantive service provider contractual

It depends.

The CPRA ostensibly expanded the three substantive contractual restrictions identified in the CCPA by referring to nine additional provisions that should be included within a service provider agreement by January 1, 2023.  Many of the new requirements, however, may be redundant of, or subsumed within, contractual provisions that were put in place to

It depends.

The CPRA ostensibly expanded the three substantive contractual restrictions identified in the CCPA by referring to nine additional provisions that should be included within a service provider agreement by January 1, 2023.  Many of the new requirements, however, may be redundant of, or subsumed within, contractual provisions that were put in place to

On Nov. 17, 2020, the Canadian government introduced the Digital Charter Implementation Act, 2020 (DCIA, or Bill C-11), a much-anticipated bill aimed at overhauling the country’s comprehensive private sector data privacy legal regime. As introduced by Minister of Innovation, Science and Economic Development Navdeep Bains, the DCIA would establish a new privacy law

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.”[1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, or sexual orientation of a consumer. Beginning on January 1, 2023, consumers will have the right to instruct