Privacy & Information Security Law Blog

On June 4, 2019, Hunton hosted a webinar with partners Lisa Sotto, Aaron Simpson, Brittany Bacon and Fred Eames on the evolving U.S. privacy landscape. The past year has seen highly consequential legislative developments in U.S. privacy law affecting compliance obligations for businesses that have or use consumer data. Various states and the U.S. Congress are considering bills that could transform privacy in the United States. In this program, our speakers discuss the California Consumer Privacy Act of 2018 (“CCPA”) and other significant state and federal privacy legislation.

On June 12, 2019, Hunton Andrews Kurth and its Centre for Information Policy Leadership (“CIPL”) will host a roundtable discussion in the firm’s Brussels office on the update of the EU Standard Contractual Clauses for international data transfers. The seminar will feature Ms. Cristina Monti, Policy Officer in the International Data Flows and Protection Unit of the EU Commission DG Justice and Consumers. Participants will:

On May 28, 2019, shortly after the appointment of the new Belgian commissioner and the Director of the Litigation Chamber, the Belgian Data Protection Authority (the “Belgian DPA”) imposed its first fine since the EU General Data Protection Regulation ( “GDPR”) came into effect. The Belgian DPA fined a Belgian mayor EUR 2,000 for abusive use of personal data obtained in the context of his mayoral functions for election campaign purposes.

On May 27, 2019, the Illinois General Assembly voted 79-32 to approve Senate Bill 1624, an amendment to the Personal Information Protection Act (“PIPA”). The bill’s sponsor, Senator Suzy Glowiak (D), expects Illinois Governor J.B. Pritzker (D) to sign the bill into law in short order. The amendment had already unanimously passed the state Senate last month.

On May 28, 2019, a federal jury returned a verdict awarding $1,000 to each of the roughly 68,000 class members whose criminal history was made publicly available online. The jury found that Bucks County willfully violated Pennsylvania’s Criminal History Records Information Act (“CHRIA”) and awarded the statutory minimum to each of the class members. As a result, Bucks County could pay up to $68 million in punitive damages.

On May 29, 2019, Nevada’s governor approved SB 220 (the “Amendment Bill”), which provides amendments to an existing law that requires operators of websites and online services (“Operators”) to post a notice on their website regarding their privacy practices. The Amendment Bill will require Operators to establish a designated request address through which a consumer may submit a verified request directing the Operator not to make any “sale” of covered information collected about the consumer. Pursuant to the Amendment Bill, Operators must respond to a verified opt-out request within 60 days of receipt.

On May 27, 2019, the Irish government announced that Helen Dixon, who currently serves as Irish Data Protection Commissioner, was appointed to a second five-year term in her position. Her reappointment was approved by a May 27 Cabinet vote.

On May 24, 2019, the Cyberspace Administration of China (the “CAC”), together with eleven other relevant government authorities, jointly released the draft Cybersecurity Review Measures for public comment. The deadline for public comment is June 24, 2019.

On May 27, 2019, Thailand’s Personal Data Protection Act B.E. 2562 (A.D. 2019) (the “PDPA”), which was passed by the National Legislative Assembly on February 28, 2019, was finally published in the Government Gazette, and thus became effective on May 28, 2019. Although now effective, the main operative provisions concerning personal data protection (including requests for data subjects’ consent; collection/use and disclosure of personal data; rights of data subjects; complaints; civil liabilities and penalties) will not come into force until one year after their ...

As reported by Bloomberg Law, on May 24, 2019, the Office of the Privacy Commissioner of Canada (the “OPC”) suspended its public consultation on transborder data flows (the “Consultation”). The suspension follows the announcement of the Digital Charter by the Canadian government, which puts forward principles for digital reform, including improvements to Canadian privacy law.