As more children spend their time online exploring and learning, government bodies in the United States and internationally have enacted policies to ensure safer spaces, privacy, security, and protection for children online. The California Senate Judiciary Committee recently voted to advance two California bills to protect children’s online activities.
Closely modeled after the UK’s Children’s
The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes that are
The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys. Most American dictionaries do not recognize either term.[1] While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his
What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?
The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Implications |
 |
|
Modern privacy laws contain different definitions for the term “consent,” and different standards for when consent will, and will not, be effective.
In Europe, the right of an individual to withdraw consent for the processing of their personal data has become near axiomatic and is often referred to by Member State supervisory authorities. The right
The impetus to conduct a Data Transfer Impact Assessment (TIA) comes from three legal authorities: (1) the European Court of Justice’s recommendation in Schrems II that the parties to a transfer verify on a case-by-case basis whether the “law of the third country of destination ensures adequate protection . . . of personal data transferred
No. The European GDPR does not use the term “service provider” and, instead, refers to “processors.” Click here to read the full answer, published by the Washington Legal Foundation.
Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. It is unclear if it can be used as a legal compliance mechanism. GT Shareholder Darren Abernethy is quoted in this article on Global Privacy Control and privacy laws
No.
The GDPR requires that when a “controller or processor … transfer[s] … data to a third country” that is not considered to have data protection laws analogous to those within the European Union, it utilizes an adequacy measures.[1] In situations where an individual within the European Union is initiating the transfer to a