Image of man preaching

EU Court Finds GDPR Applies to Religious Preaching

On July 10, 2018 the Court of Justice of the European Union (CJEU) published an opinion finding that the General Data Protection Regulation (“GDPR”) applied to the collection of personal data during “door-to-door” preaching by the Jehovah’s Witnesses religious community. This data included the name and addresses of individuals contacted, and in certain cases, the individuals’ religious beliefs and family circumstances. Members of the Jehovah’s Witnesses community used this data to coordinate preaching efforts across territories and to maintain lists of individuals who did not wish to be visited.

The judgment in this case (CJEU C-25/17) highlights the broad scope of the GDPR in several ways. First, it shows the limitation of the “personal or household” exception to the GDPR. Continue Reading EU Court Finds GDPR Applies to Religious Preaching

Lock placed on computer keyboard

California Consumer Privacy Act – The Top 5 Things You Need to Know

On June 28, 2018 Governor Brown signed off on the strictest set of data privacy laws to date in the United States – the California Consumer Privacy Act of 2018 (full text here). Learn more about how it compares to the former ballot initiative here.

The Consumer Privacy Act will give Californians unprecedented rights to know what information businesses collect about them, where that information comes from, and control how that information is shared. It applies to all companies that “do business” in California and that exceed one of the following thresholds:

  • Annual gross revenues of more than 25 million dollars
  • Processes the personal information of 50,000 or more California residents, households or devices annually
  • Receives 50% or more annual revenue from selling the personal information of California residents

According to a recent study by the International Association of Privacy Professionals, this means that over 500,000 US companies will be affected by the Consumer Privacy Act – including small to medium sized businesses.

Given the far-reaching effects of the Consumer Privacy Act, here are the top 5 things businesses should know about this new law:

1. The “Right to Know”: California consumers will have the ability to make a request, once every 12 months, to receive the following information about them:Continue Reading California Consumer Privacy Act – The Top 5 Things You Need to Know

Decorative image for Gen Why Podcast

Keeping up with Privacy Laws: Lily Li on The Gen Why Lawyer Podcast

On July 2, 2018 attorney Lily Li appeared as a guest star on The Gen Why Lawyer Podcast. During the half-hour segment, Ms. Li discussed starting her own dedicated privacy practice, the recent enactment of the General Data Protection Regulation, and growing developments in state privacy regulation.

Listeners may tune into this broadcast on ITunes, Stitcher, and The Gen Why Lawyer website at the links below:

 

***
The Gen Why Lawyer is a weekly podcast hosted by California Patent Attorney and Millennial, Karima Gulick. Join Karima each week as she chats with some of the greatest innovators and leaders in the legal profession. Listen in to hear their inspiring stories and learn from their insight on how to build a meaningful life and fulfilling career. For more information, check out their website.

California state flag

California Privacy Update: Tentative Compromise on Consumer Privacy Act

6/28/2018 Update: Governor Brown signed AB-375 into law on the afternoon of June 28, 2018. The law is named the California Consumer Privacy Act of 2018, and will take effect in January 2020. This will give industry and lawmakers some time to regroup and fine tune the regulations under this new act.

In a last-minute attempt to keep the California Consumer Privacy Act initiative off the November ballot, California lawmakers reached a tentative deal with ballot sponsor Alastair Mactaggart on June 21st to push forward a legislative privacy bill. The deal depends on the bill passing both houses and being signed by Governor Brown by June 28th.

The proposed bill, introduced by State Assembly member Ed Chau and state senator Robert Hertzberg, would give California consumers unprecedented rights to know what information businesses collect about them, where that information comes from, and how that information is shared. The bill also gives consumers the power to stop companies from selling their data.

The bill removes some of the most draconian features of the proposed Consumer Privacy Act, by removing private rights of action for procedural violations of the law, discarding minimum statutory damages for even de minimis violations, and providing a 30-day “right to cure” for businesses. Further, the proposed bill provides some relief for businesses facing “manifestly unfounded or excessive” requests from consumers concerning their data.

Though this compromise bill reduces many of the operational headaches of the proposed ballot initiative, it will likely face strong opposition from the tech sector. Most prominent amongst the initiative’s detractors is the Committee to Protect California Jobs, a PAC composed of the California Chamber of Commerce, TechNet, Internet Association, and technology giants such as Google, AT&T, and Comcast.

While it remains to be seen whether this bill prevents a November ballot showdown, the policy debate around the Consumer Privacy Act is indicative of broader trends towards privacy legislation. Public sentiment in support of state privacy laws is only growing, given the recent Facebook-Cambridge Analytica scandal, and the increasing frequency of large-scale data breaches like those affecting Equifax, Target, and Yahoo. This growing pro-privacy sentiment is not confined to California and follows on the heels of recent cybersecurity legislation in Massachusetts and New York, heightened data breach rules in Idaho and Oregon, and a new federal bill introduced in Congress by Sens. Edward Markey, D-Mass, and Richard Blumenthal, D-Conn. (the “CONSENT” bill).

California’s appetite for regulation is one of the largest in the nation, however, and it has a history of spearheading privacy rules. It was the first state to introduce data breach notification requirements in 2002, and so far, is the only state with specific rules on online privacy notices (under CalOPPA). Compared with other proposed legislation, this would be the widest in scope, increasing the operational burdens of most businesses. Regardless of the outcome of this tentative privacy deal, businesses should pay close attention to privacy developments in California, as they often provide a model for other states.

KUCI local radio logo

Metaverse Law Discusses GDPR and State Privacy Laws on KUCI 88.9 FM Privacy Piracy Radio

On Monday, June 25 at 8 A.M. Pacific, attorney Lily Li appeared as a guest star on KUCI 88.9 FM’s Privacy Piracy radio show. During the half-hour segment, Ms. Li discussed the impact of the recent General Data Protection Regulation, growing developments in state privacy regulation, and the California Consumer Privacy Act.

To listen to this broadcast, please click on the MP3 below.

KUCI 88.9 FM is a commercial free radio station, based out of the University of California – Irvine. For more information, see http://kuci.org/

Privacy Piracy is a half-hour public affairs radio show broadcasting on KUCI 88.9 FM. The show is co-hosted by attorney and privacy consultant Mari Frank and production engineer Lloyd Boshaw. For more information, see http://privacypiracy.org/

1 2 3 4 5 6