Notes from the IAPP, May 17, 2019

(May 17, 2019) Greetings from Portsmouth, New Hampshire! We’re finally coming out of a cold and wet weather pattern here in New England. I did not need a jacket on my way into work today, and if I squint just enough, I can convince myself the sun is peeking through the clouds. I hope your local weather has been more spring appropriate. Facial-recognition technology received a lot of attention this week. San Francisco banned it; Oakland, California, and Somerville, Massachusetts, are considering doing the sam... Read More

Top-five most-read privacy stories since May 10, 2019

(May 17, 2019) Each week, the IAPP offers up this top-five list to help distill all the privacy-related content that gets published on a weekly basis. Sure, we try to boil it down each day with the Daily Dashboard and our weekly regional digests, but we know our readers are very busy being privacy pro rock stars. So here are the top-five most-read privacy stories going back to Friday, May 10.  1. IAPP Westin Research: TheScore's privacy notice analyzed against the CCPA, by Mitchell Noordyke, CIPP/E, CIPP/USRe... Read More

The Privacy Advisor Podcast: A look at privacy in Mexico and Brazil

(May 17, 2019) While it's true privacy and data protection laws are undergoing shifts in many parts of the world, this is especially true for Latin America, where there is no shortage of legislative action. Brazil approved its general data protection law last year, and it will come into effect in early 2020. Just as the U.S. is seeing with the California Consumer Privacy Act, Brazil's law is now being amended in all kinds of ways ahead of implementation. Amendments to the LGPD, the acronym used for its formal ... Read More

Perspective: A new twist for CCPA class actions

(May 17, 2019) News broke Thursday that California State Senate Bill 561, which had been endorsed by California Attorney General Xavier Becerra and would have amended the California Consumer Privacy Act, was rejected by a California State Senate committee. "This means as a practical matter the bill will miss the Senate cut-off deadline and will not move forward this year and that there will be no expansion of the private right of action to privacy violations," write DLA Piper's Jim Halpert and Andrew Serwin, C... Read More

Dispatch on the privacy landscape in Mexico and Brazil

(May 17, 2019) While it's true privacy and data protection laws are undergoing shifts in many parts of the world, this is especially true for Latin America, where there is no shortage of legislative action. Brazil approved its general data protection law last year, and it will come into effect in early 2020. Just as the U.S. is seeing with the California Consumer Privacy Act, Brazil's law is now being amended in all kinds of ways ahead of implementation. Amendments to the LGPD, the acronym used for its formal ... Read More

Looking at GDPR data breach notification response data one year later

(May 17, 2019) Preparing for the EU General Data Protection Regulation was a herculean effort for many privacy professionals, and now here we are, almost a year later. While the tide of GDPR fervor has ebbed, it has not completely receded. Organizations should have most of the basic structures for the GDPR in place, including plans to respond to data breaches. In this piece for The Privacy Advisor, Radar CEO and President Mahmood Sher-Jan looks a benchmarking data to see how organizations have complied with da... Read More

Turkey's BTK makes decision on data localization for e-SIM tech

(May 17, 2019) Turkey’s Information Technologies and Communication Authority, the Bilgi Teknolojileri ve İletişim Kurumu, published its decision earlier this year on remote programmable e-SIM technologies imposing localization requirements on e-SIM technologies, and prohibition of permanent roaming is once again clarified. The recent decision from the BTK outlines the general use of e-SIM technologies to ensure the promotion of innovative tech, effective competition and protection of personal data. Gün + Partn... Read More

EDPB: Authorities received 65K data breach notifications in first nine months of GDPR

(May 17, 2019) The European Data Protection Board found EU national supervisory authorities received 64,684 data breach notifications in the first nine months under the EU General Data Protection Regulation, GovInfoSecurity reports. The EDPB report found the authorities also received 94,622 GDPR-related complaints in the same time period. Regulators in 11 European countries issued $63 million in fines for GDPR violations. “Nine months after the entry into application of the GDPR, the members of the EDPB are of... Read More

Study shows US companies struggle with privacy regulation and will continue to do so

(May 17, 2019) MarTech Advisor reports new compliance research from privacy management platform DataGrail reveals that two-thirds of 300 U.S. respondents don't expect they will be prepared for federal privacy legislation. “The Age of Privacy: The Cost of Continuous Compliance” report also shows two-thirds of surveyed privacy management decision makers believe it will take less than six months to ready their companies for the California Consumer Privacy Act. The report also looked back on U.S. preparations for ... Read More

The twists and turns of the CCPA class action

(May 17, 2019) It is now clear that there will be no class-action exposure for privacy violations under the California Consumer Privacy Act when it takes effect in 2020. However, the range of data elements whose breach could give rise to class-action exposure under the CCPA appears likely to grow before the legislature adjourns in September.  Senate Bill 561, which had been endorsed by California Attorney General Xavier Becerra, was rejected in a California State Senate committee Thursday. This means as a pra... Read More