We have issued a client alert on four key takeaways on the Office of the Attorney General of California’s recent modified regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading
Privacy
Blockchain Technology: Data Privacy Issues and Potential Mitigation Strategies – Practical Law Practice Note
By Pritesh Shah & Daniel F. Forester on
Davis Polk partner Pritesh Shah and associate Daniel Forester are among the authors of a new Practice Note for Thomson Reuters’ Practical Law discussing blockchain technology and recent trends in data privacy law and the tensions between them. The article explains blockchain technology’s characteristics and describes issues and potential strategies…
Continue Reading
Considering A National Security Framework for Protecting Personal Data
By Avi Gesser & Joseph Kniaz on
We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not). Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means…
Continue Reading
Highlights & Takeaways: California Attorney General Releases Proposed CCPA Regulations – Davis Polk Client Alert
By Avi Gesser on
We have issued a client alert on three key takeaways on the Office of the Attorney General of California’s recent notice of proposed rulemaking activity and related proposed regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading
European Court of Justice Limits Territorial Reach of “Right to Be Forgotten” – Davis Polk Memo
By Avi Gesser on
We have issued a memo on the European Court of Justice’s recent preliminary ruling on the GDPR and a data subject’s qualified right of erasure with respect to personal data, which concluded that EU rules require a search engine operator to carry out such a request only on versions of…
Continue Reading
New York Law Journal Publishes Avi Gesser’s Article on Balancing Between Cybersecurity and Employees’ Privacy
Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures. The…
Continue Reading
Microchipping Employees and Biometric Privacy Laws – It’s Time To Start Paying Attention
By Avi Gesser on
Posted in Cyberaware, Privacy
Until recently, biometric privacy was a niche area of the law that had little application to most companies. But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably…
Continue Reading
A New Safe-Harbor Approach to Cybersecurity Regulation
By Avi Gesser & Will Schildknecht on
Momentum is building for federal privacy legislation, with several different proposals circulating in Washington. Ohio’s new cybersecurity law offers an interesting approach for incentivizing companies to protect their customers’ personal data.
We have written previously on two competing models for cybersecurity regulation—“standards” versus “rules.” The standards-based approach, historically…
Continue Reading
Federal Privacy Legislation Is Coming. Maybe. Here’s What It Might Include
Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws. These developments have businesses concerned that they will face a patchwork…
Continue Reading
Private Actions Under the GDPR—One More Privacy Concern for U.S. Companies to Worry About?
In the lead-up to the EU’s General Data Protection Regulation (“GDPR”) becoming effective on May 25, little attention was paid in the U.S. to the private right of action that the GDPR creates. But so far, private actors have filed approximately 24 cross-border GDPR complaints with EU regulators.
At least…
Continue Reading