Draft Standard Contractual Clauses Released by European Commission: New Clause Cause for Applause?


Following on from last week’s big announcement by the European Data Protection Board (EDPB) on its expectations for international data transfers after the European Court of Justice’s July 16 Schrems II decision, the European Commission released a draft set of new Standard Contractual Clauses (SCCs) and a draft implementing decision. The Commission’s draft set of clauses allows for two new types of transfer and contains important updates to bring the text of the clauses in line with the General Data Protection Regulation. The draft documents are now available for public consultation, and both the EDPB and the European Data Protection Supervisor will be asked for their opinions on the documents. Following the Schrems II decision, many organizations have been waiting for guidance on additional safeguards and for the (long overdue) arrival of updated Standard Contractual Clauses. While the last few days have seen some welcome developments after a period of hiatus, organizations will likely need some time to assess the practical implications before making radical changes to international data transfer arrangements.

For the full alert, visit the Faegre Drinker website.

European Data Protection Board Issues New Recommendations for International Data Transfers: Essential Guarantees, Supplemental Measures, and False Warrant Canaries


A pair of highly anticipated guidance documents outline the European Data Protection Board’s (EDPB) expectations for organizations transferring data out of the EU. While the detailed process for evaluating data transfers brings welcomed guidance and clarity, some aspects of the EDPB’s framework present significant obstacles for those working with non-EU service providers or moving data for routine business purposes.

For the full alert, visit the Faegre Drinker website.

Here Come the Proposed CCPA Regulations We’ve All Been Waiting For


After a long wait, the California Attorney General’s (AG) office held a news conference on October 10, 2019, and published proposed regulations implementing the California Consumer Privacy Act (CCPA). Companies gearing up for CCPA’s January 1, 2020, effective date should quickly review and assess the proposed regulations’ potential effects on their operations and consider attending upcoming public hearings or submitting public comments by December 6, 2019.

Continue reading “Here Come the Proposed CCPA Regulations We’ve All Been Waiting For”

How We Spent Our Summer Vacation or Summary of CCPA Amendments


The long anticipated amendments to the CCPA were passed by the California Legislature in early September and now await Governor Newsom’s signature.  Some of the changes were “clean up” amendments to update cross references, standardize language, and generally address issues of drafting.  What follows is a summary of the most significant and substantive amendments:

Continue reading “How We Spent Our Summer Vacation or Summary of CCPA Amendments”

California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act


The California Department of Justice has opened up public forums this month as part of the Attorney General’s rulemaking process to promulgate regulations under the California Consumer Privacy Act of 2018 (CCPA). We previously discussed the Attorney General’s Office’s public statement regarding the CCPA here.

As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. In holding these public forums, the Attorney General’s Office hopes to provide an initial opportunity for the public to participate in establishing procedures to facilitate consumers’ rights under the CCPA and to provide guidance for business compliance. Specifically, the following aspects are of high priority: businesses’ obligation to disclose data collection and sharing practices to consumers; consumer rights to request deletion of data; consumer rights to opt out of having their personal information sold to third parties; and restrictions on the sale of personal information of consumers under the age of 16 without explicit consent. The Attorney General’s Office scheduled six public forums across different counties in California and invites in-person attendance or written submissions of public comments through February 2019.

Continue reading “California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act”

Stay In Touch! Email Marketing After the GDPR


Part I: Untangling the GDPR and the e-Privacy Directive

This is the first post in a four part series on GDPR and email marketing.

Your email in-box has probably finally recovered from the wave of GDPR opt-in requests and notices that peaked around May 25th. But, if you’ve followed the privacy press or the statements from EU regulators, you’re probably left wondering what it was all for. Many statements made in news stories (both in the U.S. and the EU) and by commentators have claimed that the GDPR means no one can send marketing emails any more without your permission. But, other stories suggest that the opt-in emails and privacy notices were unnecessary or, even, inappropriate. Who’s right? And what email marketing is allowed now?

Continue reading “Stay In Touch! Email Marketing After the GDPR”