Senate Bill 561, which would have generated even greater compliance challenges and litigation risk for businesses, has been held in committee and placed on suspense. This development effectively prevents the bill from advancing for a vote and is a bit of CCPA good news for businesses. It also serves as a minor setback to consumer
Data Privacy
And Texas joins the Privacy Fray – Part 2 (or, Everything is Bigger in Texas…)
Cross-Posted from The Global Privacy Watch Blog
In Part 1 of our ‘Texas Joins the Privacy Fray’ series, we focused on the Texas Consumer Privacy Act. Here, we shine the light on the Texas Privacy Protection Act (HB 4390).
The TXPPA is distinguishable from both the TXCPA and the CCPA because the applicability threasholds are different. For the TXPPA to apply, a business must 1) be doing business in Texas; 2) have more than 50 employees; 3) collect personally identifiable information (“PII”) of more than 5,000 individuals, households, or devices (or has it collected on the business’s behalf); and 4) meet one of the following two criteria – the business’ annual gross revenue exceeds $25 million; or the business derives 50% or more of its annual revenue from processing PII.
Continue Reading And Texas joins the Privacy Fray – Part 2 (or, Everything is Bigger in Texas…)
And Texas Joins the Privacy Fray – Part 1 (or, the Elephant in the room just got a LOT bigger…)
Cross-Posted from The Global Privacy Watch Blog
Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.
Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading And Texas Joins the Privacy Fray – Part 1 (or, the Elephant in the room just got a LOT bigger…)
Recently Proposed Amendment to CCPA Could Change the Compliance and Risk Landscape in a Big Way
Just when we thought we had an remote understanding on how the California Consumer Privacy Act (“CCPA”) would work from an enforcement and penalty perspective, Senate Bill 561 was introduced on February 22. The bill has the full support of Attorney General Xavier Becerra and appears to be heading for a vote; the odds are…
The California Consumer Privacy Act of 2018: What Businesses Need to Know Now
California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading The California Consumer Privacy Act of 2018: What Businesses Need to Know Now
Google First “Tech Giant” to be Fined for Violating GDPR
This weekend, Google was fined 50 million euros (over $55 million) by France’s Data Privacy Authority, CNIL, for breaching Europe’s (fairly) new General Data Protection Regulation.
GDPR lays the framework for the legal processing of personal data, requiring that companies have a lawful basis for processing a user’s personal information. This lawful basis can result from the user’s genuine consent prior to collecting personal information; processing necessary for the performance of a contract, compliance with a legal obligation, to protect the vital interests of a data subject or natural person, for the performance of a task in the public’s interest, or for the purpose of the legitimate interests of a controller or third party.
The GDPR went into effect on May 25, 2018. Shortly after its enactment, two privacy rights groups, noyb (Max Schrems’ brainchild) and La Quadrature du Net (LQDN) filed complaints against Google with the CNIL. The noyb complaint was filed on May 25, the same day the Regulation took effect.
Continue Reading Google First “Tech Giant” to be Fined for Violating GDPR
Seyfarth Legal Forum and CLE: 2018 Highlights and a Look Ahead to 2019
Seyfarth Synopsis: Please join us at our Chicago Willis Tower office on Thursday, December 6th, for breakfast along with a Seyfarth Legal Forum and Continuing Legal Education (CLE): 2018 Highlights and a Look Ahead to 2019.
About the Program
Providing our clients with a multidisciplinary overview of Legal Hot Button issues and Best Practice. …
European Data Protection Board Issues Statement About Work Underway but Nothing of Real Substance Yet
The European Data Protection Board (EDPB) recently issued a report after their November 16, 2018 plenary session. The statement covered a range of topics being discussed by the Board, but no substantive publications. The EDPB is charged with ensuring that GDPR is applied consistently across the EU and that there is consistent enforcement by DPAs…
Seyfarth Shaw Partner Jordan Vick to Present at the 15th Annual Advanced eDiscovery Institute in Washington, DC
Seyfarth Shaw Partner Jordan Vick is on the panel for the “Playing by the Rules: Rule Changes Essential to Your Practice” session on Friday, November 16, at Georgetown Law’s 15th annual Advanced eDiscovery Institute in Washington, D.C.
Session topics include:
- The 2015 Amendments to the FRCP and their actual impacts on practitioners, including unintended consequence
…
California’s Consumer Privacy Act of 2018 – Get Ready for New GDPR Style Requirements in the US
At the end of June, the California legislature passed its Bill 375, the California Consumer Privacy Act of 2018. The Act contains a number of concepts that would be familiar to those who are working to bring their companies and organizations into compliance with GDPR. The new law defines a category of “Personal Information” that radically departs from a traditional definition of Personal Data commonly found in various State Data Privacy Laws, which usually ties an individual name to other identifiers like social security number, account number, or other factors. Instead, the California Act defines “Personal Information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not, mercifully, include publicly available information, but it still comes closer to a GDPR-like definition of “personal data” than any other US law.
The Act provides California residents some rights that also appear familiar. For example:
- Consumers can request a copy of all the Personal Information a business has collected;
- Consumers have the right to request that the business delete their Personal Information (subject to some exceptions), and a right to direct a company to not share their Personal Information with third parties; and
- Consumers can request that a business disclose the categories of information it has collected, the sources of information, the purpose for the collection and/or its sale of the information, and the third parties with whom the information is shared.