PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

New 7th Edition of Information Privacy Law Casebook

Information Privacy Law Casebook - 7th edition

I’m pleased to announce that the new 7th edition of my Information Privacy Law casebook is in print.

The Seventh Edition of Information Privacy Law has been revised to include the California Consumer Privacy Act, the GDPR, Carpenter, state biometric data laws, and many other new developments.

New to the Seventh Edition:

  • California Consumer Privacy Act (CCPA)
  • Carpenter v. United States
  • General Data Protection Regulation (GDPR)
  • State biometric data laws
  • New FTC enforcement actions, including Facebook
  • Schrems II
  • New materials on privacy and feminism, civil rights, poverty, and social class
  • New material on the TCPA, COPPA, and the First Amendment

More details about the book are at our casebook website.

Click here for the new table of contents.

You can order a review copy at the Wolters Kluwer site.

Continue Reading

The FTC Zoom Case: Does the FTC Need a New Approach?

FTC Zoom Case

Co-authored by Prof. Woodrow Hartzog

It was inevitable. On Monday, Zoom joined an exclusive club of tech companies – Facebook, LinkedIn, Twitter, Microsoft, Google, Uber, Snap, and more. This club involves companies that have been under a Federal Trade Commission (FTC) consent decree. In a weird sense, for tech companies, being enforced against by the FTC for a privacy or security violation has become an initiation ritual to being recognized in the pantheon of the tech company big leagues.

As is the typical process, the FTC announced a complaint and consent order against Zoom for a violation of Section 5 of the FTC Act. More specifically, the FTC charged Zoom with unfair and deceptive data security practices related to encryption and efforts to bypass browser security safeguards.

Continue Reading

New GDPR Course

GDPR Training Course - Extensive Version

I am excited to announce a new GDPR training course — the General Data Protection Regulation (GDPR)extensive version (20 mins).  My existing course is a shorter 7 min introduction; this new 20-min course provides a more detailed overview of the GDPR.

If you’re interested in evaluating the new 20-min GDPR course (or the existing 7-min GDPR course), please fill out the form on our GDPR training page.

The course is also available in the new TeachPrivacy store.

Below is an outline of the new 20-min GDPR course.

GDPR Training Course - Extensive Version

Use the form on our GDPR training page if you want to evaluate the course for your organization or go to the TeachPrivacy store if  you want to take the course for yourself.

Video: AI and Privacy Implications with Igor Jablokov, Justin Antonipillai, and Daniel Solove

I had an excellent conversation about the privacy implications of AI and machine learning with Igor Jablokov, CEO, Pryon, and one of the masterminds behind Amazon’s Alexa and Justin Antonipillai, CEO and Founder, WireWheel.  Check out the video of our conversation here:

Continue Reading

Video – CPRA and Its Potential Effects: A Talk with Alastair Mactaggart, Justin Antonipillai, and Daniel Solove

In this video, Justin Antonipillai (Wirewheel) and I discuss the CPRA and its potential effects with Alastair Mactaggart (Californians for Consumer Privacy). Mactaggart’s referendum sparked the passage of the California Consumer Privacy Act (CCPA) in 2018. This year, he has another referendum (Proposition 24) called the Californian Privacy Rights Act (CPRA), which aims to amend and strengthen the CCPA.

Continue Reading

The Impact of the Schrems II Decision: An Interview with Wim Nauwelaerts

The Impact of the Schrems II Decision

In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of the US law’s regulation of government surveillance, and this concern is difficult to fix with better contracts or stricter binding rules. The decision has thus left great uncertainty about how most forms of personal data transfer can occur from the EU to the US.

Continue Reading

Brazil’s LGPD: Its Sudden Jolt to Life and Its Key Requirements

LGPD - Brazil - TeachPrivacy LGPD Training

In a surprising turn of events, the LGPD–Brazil’s new privacy law–went from an expected delayed implementation to being fully active.  The twists and turns of the LGPD’s jolt to life make one’s head spin.  It was originally scheduled to become active on August 16 of this year, but then delayed until May 2021 due to Covid. But then the plan shifted with a proposal to shorten the delay to December 31 of this year.  But the legislature then abruptly changed course and through a maneuver, dropped all delays, reverting back to the law’s original active date of August 16th.  So, to adapt something J.R.R. Tolkien might have said, we’ve journeyed to there  . . . and there . . . and there, and back again . . .

Now, the switch has been flipped, and the LGPD has risen from the table.  Instead of tracing the bizarre procedural maneuverings that got us to where we are, I want to provide some information about the LGPD that can help folks who are suddenly starting to contend with this new law.

• The LGPD stands for the name of the law in Portuguese – the Lei Geral de Proteção de Dados Pessoais.

• Regulatory sanctions for LGPD violations will not start until August 1, 2021.

• There is still no regulation to help implement the LGPD.

• Like the GDPR, the LGPD is extraterritorial in its scope. This means that it applies to organizations outside of Brazil offering goods or services to people in Brazil that process the personal data of people in Brazil.

Continue Reading

Video – Privacy and Women’s Equality, Leadership, and Mentorship

Privacy and Women’s Equality, Leadership, and Mentorship

In this video, we discuss Privacy and Women’s Equality, Leadership, and Mentorship with Alisa Bergman (Adobe), Lindsey Finch (Salesforce), Tanneasha Gordon (Deloitte) and Susan Markel (Wirewheel). I hosted this discussion along with Justin Antonipillai (Wirewheel).

Continue Reading

The Deal with Data Rights: An Interview with Heather Federman

Data Rights Training

Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.

 

Continue Reading

Video – Privacy Conversations – Schrems II Aftermath with Justin Antonipillai and Peter Swire

 

In this video, I discuss the aftermath of Schrems II with Justin Antonipillai (Wirewheel) and Peter Swire (Georgia Tech and Alston & Bird).

Peter Swire’s new Lawfare piece on how to address the individual redress issue is After Schrems II: A Proposal to Meet the Individual Redress Challenge.

Continue Reading