In a major plot twist over the last few days, Brazil’s new General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) – Law No. 13,709/2018 (LGPD) will take effect in two short weeks, after a last-minute decision not to delay its rollout.

The Background: A Very Brief Overview of the LGPD

The LGPD is similar to the EU’s General Data Protection Regulation (GDPR), applying data protection obligations to companies processing personal data regarding Brazilian residents. Among other requirements, the LGPD requires certain legal bases for processing data and provides Brazilian residents with many enumerated rights over their personal data. For a helpful overview of the LGPD’s provisions, including the individual rights, legal bases for processing, and sanctions as enumerated in the legislation, see GT Alert, 6 Months Until Brazil’s LGPD Takes Effect – Are You Ready?
Continue Reading Brazil’s Data Protection Law Will Be Effective After All, But Enforcement Provisions Delayed Until August 2021

As the way we work, consume, travel, and interact has changed due to Coronavirus Disease 2019 (COVID-19), so too has the way our children learn and play changed. Millions of children (and families) affected by the closures of in-person schools, day cares, athletics, summer camps, and other kids programming now rely on home computers and

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. However, how the decision will be enforced remains

Kate Black of Greenberg Traurig LLP led the development of genetic testing company 23andMe’s law enforcement protocol and program and continues to advise companies with innovative technologies about how to use data appropriately with consumers’ privacy in mind, earning her a spot among cybersecurity and privacy attorneys under age 40 honored as Law360 Rising Stars

The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the

It has been a busy time for the California Consumer Privacy Act (CCPA)—enforcement begins July 1st, final implementing regulations have been submitted for approval, and qualifying signatures for a wide-ranging “CCPA v2.0” ballot initiative are in the process of being counted.

Yet the effect of the CCPA on digital advertising, mobile applications and websites remains

With the California Attorney General’s enforcement of the California Consumer Privacy Act (CCPA) beginning on July 1, 2020, businesses are eagerly awaiting the forthcoming final version of the CCPA Regulations to ensure that their compliance is in line with the law and its Regulations. Due to the upcoming CCPA enforcement deadline, and California’s shelter-in-place status,

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), enacted March 27, 2020, rewrote significant portions of 42 U.S.C. § 290dd-2, the federal statute governing the confidentiality of substance use disorder (SUD) records that is more commonly known by its implementing regulations at 42 C.F.R. Part 2 (Part 2). Among other changes, the CARES