The scope of the GDPR, the CCPA, and the 2020 Washington Privacy Act bill compared

UPDATE On Washington privacy Act  March 2020 – Washington Privacy Act fails again It was almost given for granted that the Washington Privacy Act would have passed this time. The Washington State House and Senate were debating two similar bills. The major difference was in the enforcement mechanism: while in the House’s Bill both the […]

A closer look to damages under the GDPR

The General Data Protection Regulation, GDPR (Regulation (EU) 2016/679) started to apply on May 25, 2018. See here. The GDPR sets forth the data subject’s right to compensation and liability for the damages caused by processing infringing the GDPR. Pursuant to Article 82, GDPR: “Any person who has suffered material or non-material damage as a result of an infringement […]

Multiple ways in which the GDPR will be “enforced” abroad (spoiler alert: market is one of those)

The GDPR (the General Data Protection Regulation) has started its application on May 25, 2018[i]and applies “extraterritorially. Privacy practitioners and EU regulators alike have highlighted the advantages of GDPR compliance for organizations, such as better data management, enhanced protection against cyber-risks, competitive advantages, etc. Many companies share the same positive view. Some others see the GDPR […]

US discovery rules will likely override your EU privacy obligation: Plan ahead!

The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU.  Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]

The (E)Discovery of Things: Privacy in Internet-Connected Devices

The Internet of Things has created discoverable data repositories not only out of cell phones but many other household items.  Smart watches calculate our steps and heart rates, and can contradict a claim of disability or injury.  Smart home devices track internal temperature and may contradict a spouse’s claim to have been home on a […]

What data controllers should do before receiving a subject access request

What data controllers should do before receiving a possible subject access request  As a data controller, you obviously know it: one day you may receive an access request from a data subject. Being available to promptly comply with the request when you receive it is far from being enough. Indeed, there is much more that […]