Should Businesses Have a Separate CCPA Privacy Policy for California & Non-California Consumers?

The CCPA only provides enhanced rights and protections for consumers who are California residents. As a result, businesses with national or global customer bases must decide whether to extend the CCPA’s consumer rights and disclosure requirements to their entire customer base, including both California and Non-California residents—Or should they provide CCPA rights to only consumers […]

CCPA: New Website Accessibility Requirements

The Article in 60 Seconds The California Attorney General (“CAG”) published, in its notice of modifications to the proposed CCPA regulations, a requirement that online privacy disclosures be—reasonably accessible—to consumers with disabilities. Notably, the CAG clarified that reasonable accessibility means that businesses must comply with “generally recognized industry standards,” such as the Web Content Accessibility […]

Cybersecurity the EU Network & Information Security Directive: U.S. Companies Take Note

Preventing or minimizing business risks should result in maximizing profits, but unexpected losses due to cybersecurity incidents can be costly to both businesses and affected consumers. The European Commission has finally addressed this rising issue with the new draft Directive, the Network and Information Security Directive (“NIS Directive”).  The intent behind the Directive is to […]

GDPR vs. HR Data: Time to Reconsider Consent as a Lawful Basis to Collect Personal Data?

In light of the GDPR’s stringent requirements for consent, HR departments will need to review the legal basis for processing employee data under employment contracts based on consent. The GDPR heightened the requirements for using consent as a legal basis, making this method risky and burdensome. The GDPR requires that consent must be: Freely given, […]

FTC Approves $5 Billion Dollar Fine Against Facebook Over Cambridge Analytica Scandal.

Although the E.U. handed down significant fines earlier this week, the U.S. ended the week by issuing record-setting fines against Facebook for 5 billion dollars. The fine against Facebook represents the powerful posture taken by the United States to enforce privacy legislation in the post-GDPR era. The chart above outlines the EU’s early GDPR enforcement efforts […]

California Consumer Privacy Act (CCPA)—Or should we say CDPR?

Just when you thought you could catch your breath, California, on June 28, 2018, enacted the strictest data privacy law in the United States—the California Consumer Privacy Act (“CCPA”). With striking resemblances to the GDPR, the new law will carry with it broad implications for businesses providing services to, or collecting data from, California consumers. […]

Facebook Page Administrators Faced with the Floodgate of Liability

The powerful nature of the GDPR has instilled fear among businesses across the globe. As most companies rush toward compliance, some try to hide behind others. Just weeks after the GDPR came into effect, the European Court of Justice (ECJ) decided a case that made clear that businesses cannot avoid liability by hiding behind other […]

Email Marketing Post-GDPR: Untangling Recital 47 in the Pre-ePR Era

On May 25th, 2018, EU lawmakers unleashed the GDPR—a new privacy law capable of delivering a financial blow to businesses across the globe, not just in Europe. The data which drives email marketing programs must be processed and stored in accordance with the GDPR. Recital 47 of the GDPR states: “The processing of personal data […]

Skip to content