Privacy & Data Protection

At 9:30 a.m. Central European Time, privacy professionals around the world were refreshing their browsers to read the long-awaited judgment of the Court of Justice of the European Union (CJEU) principally addressing the viability of Standard Contractual Clauses (SCCs) and the EU-U.S. Privacy Shield (Privacy Shield) as means to transfer personal data from the European Union (EU) to the United States (U.S.).

When the judgment arrived, it landed with a bang: though the CJEU upheld the use of SCCs, it invalidated the Privacy Shield, the well-known mechanism to transfer personal data from the EU to the U.S.  The decision also cast doubt on the viability of other options, including SCCs, for making transatlantic transfers.

The foundation of this decision and previous decisions affirming challenges to U.S. privacy practices is that the protection of personal data is a fundamental right in the EU, akin to a constitutional right in the U.S.  The General Data Protection Regulation (GDPR) enshrined these fundamental rights and established uniform data protection standards across the EU designed to protect the personal data of EU-based individuals.


Continue Reading Privacy Shield Invalidated: EU Data Transfers to the U.S. under Siege (again…)

Companies in the online marketplace have been paying close attention to Section 230 of the U.S. Communications Decency Act of 1996 (CDA) in recent weeks and months. As noted in our previous client alert, CDA Section 230 “is a powerful law that provides websites, blogs, and social networks that host third-party speech with liability


On March 11, 2020, California’s Office of the Attorney General (OAG) released a second set of proposed revisions to the California Consumer Privacy Act (CCPA) draft regulations originally released in 2019 (Proposed Regulations).

The latest revisions, available here, are substantial and come in response to public comments submitted to the OAG during a 15-day

California businesses have been nervously waiting for the first class action asserting a violation of California’s now-infamous California Consumer Privacy Act (CCPA).

The wait is now over.

The CCPA, a consumer privacy law that Crowell & Moring has analyzed and written about at length provides California consumers with a private right of action when

On February 7, 2020, California’s Office of the Attorney General (OAG) released proposed revisions to the California Consumer Privacy Act (CCPA) draft regulations of 2019.

The proposed revisions, available here, are substantial and come in response to public comments submitted to the OAG last year. The revisions and a new deadline of February 24,

On January 1, 2020, California’s landmark privacy law, the California Consumer Privacy Act (CCPA), took effect. The CCPA imposes various obligations on covered businesses and provides extensive rights to consumers with respect to controlling the collection and use of their personal information. While some companies have largely completed their CCPA compliance efforts, many others are

An Analysis of the Requirement to Verify Consumer Requests and Parental Consents

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In parts one and

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In part one of our multi-part series regarding the draft CCPA regulations, we focused on businesses’

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In this first part of our multi-part series on the CCPA regulations, we will focus on