Four years ago, the European Union (“EU”) began enforcement of the General Data Protection Regulation (“GDPR”). The GDPR is a comprehensive data privacy law enacted to create a standardized and cohesive data privacy framework across all EU member countries. The GDPR has since encouraged the adoption of data privacy laws throughout the world,[1] such as the California Consumer Privacy Act. Businesses in the United States that process[2] personal data of European residents, after it has transferred from a country in the European Economic Area to the United States, must ...
The California Consumer Privacy Act (“CCPA”), which went into effect January 1, 2020, created rights and obligations related to the collection and sale of consumer personal data. The California Privacy Rights Act (“CPRA”) was a ballot measure that was approved by California voters on November 3, 2020. The CPRA significantly amends and expands the CCPA. Notably, the majority of the provisions revising the CCPA do not become “operative” until January 1, 2023, and enforcement will apply only to violations occurring on or after January 1, 2023.
On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) into law. The UCPA, which will become effective December 31, 2023, largely mirrors the Virginia Consumer Data Privacy Act (“VCDPA”), explained in more detail here, or Europe’s General Data Protection Regulation (“GDPR”).
On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (the “VCDPA”) into law. The VCDPA, which will become effective January 1, 2023, creates rights and obligations related to the collection and processing of consumer personal data. While many of these rights are similar to what we have seen under the California Consumer Protection Act (“CCPA”) or Europe’s General Data Protection Regulation (“GDPR”), many rights, such as the right to appeal the denial of a consumer data request and the establishment of a 30-day cure ...
September 2018 was a busy month for data privacy. We expect the next several months to be extremely active as well, especially with the number of new complaints and data breach notices filed in Europe since May. We will continue to monitor and update developments as the data privacy framework continues to evolve.
G-Day is May 25, 2018, the day when the European Union’s General Data Protection Regulation (“GDPR) is set to go into effect. Even though the Regulation has been approved and available for review for more than a year, most companies are still working to determine whether GDPR applies and, if so, how to become GDPR compliant. The litigators from KMK’s Cybersecurity and Privacy Team have prepared a Legal Alert which helps companies answer both questions.
Topics/Tags
Select- Cybersecurity and Privacy Law
- Privacy Laws
- California Consumer Privacy Act
- Privacy
- Cybersecurity Regulation
- GDPR
- Data Breach
- Cyber Insurance
- Coronavirus
- CCPA
- General Data Protection Regulation
- Class Action Litigation
- Mergers & Acquisitions
- SEC
- FISMA
- Incident Response Plan
- Information Governance
- Corporate Law
- E-Discovery
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- Litigation
Recent Posts
- New York Bans Sale of Certain Supplements to Minors
- GDPR Compliance: What is Privacy Shield 2.0?
- Connecticut's Data Privacy Law
- The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
- The Utah Consumer Privacy Act
- The Colorado Privacy Act
- The Virginia Consumer Data Protection Act
- State Data Privacy Law Series
- TransUnion LLC v. Ramirez and the Impact on Class Action Litigation
- 2023: The Year of the CPRA and CDPA - Virginia Joins California in Passing Comprehensive Privacy Legislation