The California Privacy Protection Agency (“CPPA”) announced during its Board meeting on December 16, 2022 that the regulations implementing the California Privacy Rights Act (“CPRA”) will not likely go into effect until April 2023. CPPA Executive Direct Ashkan Soltani stated that the CPPA Staff plans to publish the final draft of the CPRA regulations in […]
Data Security
European Commission Takes Significant Step Towards New Solution for Transatlantic Transfers of Personal Data
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the EU-U.S. Privacy Shield (“Privacy Shield”), which was struck down by Court of Justice of the European Union in the Schrems […]
European Parliament Adopts “NIS2” Cybersecurity Directive
On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]
California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations
On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public comments on, and are meant to clarify, previously issued modifications. The modifications, which are largely based on the Modified Proposed Regulations […]
Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]