The long-awaited UK data transfer mechanism has been published by the Information Commissioner’s Office (ICO), resolving the question of how international transfers of personal data from the UK will be handled post-Brexit. As a refresher, the European Commission published four new versions of the EU standard contractual clauses (SCCs) in June 2021. However, these new

The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity within a country recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”) that imposes many of the

No.

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity within a country recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”) that imposes many of

The Article 29 Working Party took the position that for an action to constitute profiling three elements must be met:

  1. An activity must involve “an automated form of processing;”
  2. An activity must be “carried out on personal data;”
  3. The objective of the activity must be “to evaluate personal aspects about a natural person.”1

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access and deletion requests

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses that sell personal information must report on the percentage of

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or