I had a great conversation about the future direction of privacy in the next four years with Cam Kerry (Brookings), Alexandra Reeve Givens (CDT), and Justin Antonipillai (Wirewheel). This video is part of Wirewheel’s Spokes Conference. Check out the video here:
Join Wirewheel’s Spokes Conference (Dec. 1-2, 2020) for other great sessions!
I’m pleased to announce that Paul Schwartz and I have launched a new casebook, EU Data Protection and the GDPR.
Developed from the casebook Information Privacy Law, this paperback contains key cases and materials focusing on privacy issues related to the GDPR and data protection in the European Union. Topics covered include the GDPR, Schrems cases, the right to be forgotten, and international data transfers. The book also contains key excerpts from the GDPR.
This book is designed for use in courses and seminars on comparative and international law, EU law, privacy law, information law, and consumer protection law.
Topics covered include:
More details about the book are at our casebook website.
Click here for the new table of contents.
You can order a review copy at the Wolters Kluwer site.
I’m pleased to announce that the new 7th edition of my Information Privacy Law casebook is in print.
The Seventh Edition of Information Privacy Law has been revised to include the California Consumer Privacy Act, the GDPR, Carpenter, state biometric data laws, and many other new developments.
New to the Seventh Edition:
More details about the book are at our casebook website.
Click here for the new table of contents.
You can order a review copy at the Wolters Kluwer site.
Co-authored by Prof. Woodrow Hartzog
It was inevitable. On Monday, Zoom joined an exclusive club of tech companies – Facebook, LinkedIn, Twitter, Microsoft, Google, Uber, Snap, and more. This club involves companies that have been under a Federal Trade Commission (FTC) consent decree. In a weird sense, for tech companies, being enforced against by the FTC for a privacy or security violation has become an initiation ritual to being recognized in the pantheon of the tech company big leagues.
As is the typical process, the FTC announced a complaint and consent order against Zoom for a violation of Section 5 of the FTC Act. More specifically, the FTC charged Zoom with unfair and deceptive data security practices related to encryption and efforts to bypass browser security safeguards.
I am excited to announce a new GDPR training course — the General Data Protection Regulation (GDPR) — extensive version (20 mins). My existing course is a shorter 7 min introduction; this new 20-min course provides a more detailed overview of the GDPR.
If you’re interested in evaluating the new 20-min GDPR course (or the existing 7-min GDPR course), please fill out the form on our GDPR training page.
The course is also available in the new TeachPrivacy store.
Below is an outline of the new 20-min GDPR course.
Use the form on our GDPR training page if you want to evaluate the course for your organization or go to the TeachPrivacy store if you want to take the course for yourself.
I had an excellent conversation about the privacy implications of AI and machine learning with Igor Jablokov, CEO, Pryon, and one of the masterminds behind Amazon’s Alexa and Justin Antonipillai, CEO and Founder, WireWheel. Check out the video of our conversation here:
In this video, Justin Antonipillai (Wirewheel) and I discuss the CPRA and its potential effects with Alastair Mactaggart (Californians for Consumer Privacy). Mactaggart’s referendum sparked the passage of the California Consumer Privacy Act (CCPA) in 2018. This year, he has another referendum (Proposition 24) called the Californian Privacy Rights Act (CPRA), which aims to amend and strengthen the CCPA.
In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of the US law’s regulation of government surveillance, and this concern is difficult to fix with better contracts or stricter binding rules. The decision has thus left great uncertainty about how most forms of personal data transfer can occur from the EU to the US.
In a surprising turn of events, the LGPD–Brazil’s new privacy law–went from an expected delayed implementation to being fully active. The twists and turns of the LGPD’s jolt to life make one’s head spin. It was originally scheduled to become active on August 16 of this year, but then delayed until May 2021 due to Covid. But then the plan shifted with a proposal to shorten the delay to December 31 of this year. But the legislature then abruptly changed course and through a maneuver, dropped all delays, reverting back to the law’s original active date of August 16th. So, to adapt something J.R.R. Tolkien might have said, we’ve journeyed to there . . . and there . . . and there, and back again . . .
Now, the switch has been flipped, and the LGPD has risen from the table. Instead of tracing the bizarre procedural maneuverings that got us to where we are, I want to provide some information about the LGPD that can help folks who are suddenly starting to contend with this new law.
• The LGPD stands for the name of the law in Portuguese – the Lei Geral de Proteção de Dados Pessoais.
• Regulatory sanctions for LGPD violations will not start until August 1, 2021.
• There is still no regulation to help implement the LGPD.
• Like the GDPR, the LGPD is extraterritorial in its scope. This means that it applies to organizations outside of Brazil offering goods or services to people in Brazil that process the personal data of people in Brazil.
In this video, we discuss Privacy and Women’s Equality, Leadership, and Mentorship with Alisa Bergman (Adobe), Lindsey Finch (Salesforce), Tanneasha Gordon (Deloitte) and Susan Markel (Wirewheel). I hosted this discussion along with Justin Antonipillai (Wirewheel).