The Ninth Circuit Court of Appeals recently found that the American with Disabilities Act (“ADA”) applies to websites and apps in some circumstances. The ruling may impact any business in Oregon, Washington, or California that offers goods or services at a physical location and also facilitates access to those goods or service via a website… Continue reading Does Your Website Need to be ADA Compliant? Maybe.
We previously posted about the territorial scope of the EU’s General Data Protection Regulation (“GDPR”). Last month, the European Data Protection Board issued draft Guidelines to help companies outside of the EU determine whether the GDPR applies to them. Here are some key provisions: Establishment in the EU Under Article 3(1), controllers and processors established… Continue reading New Guidance on the Territorial Scope of the GDPR
In July, we reported on the California Consumer Privacy Act (CCPA), a sweeping privacy law signed by California Governor Jerry Brown. On August 31st, the California legislature passed SB1121, a bill to amend the CCPA. The amendments, currently awaiting Governor Brown’s signature, make the following changes: Earlier effectiveness and delayed enforcement. The amendments change the… Continue reading California Legislature Amends Consumer Privacy Act
Last week, California Governor Jerry Brown signed into law AB 375, the so-called California Consumer Privacy Act of 2018. The Act was passed in order to defeat a stricter privacy-focused initiative set to appear on the November ballot, which we wrote about in May. The group behind that initiative withdrew it upon passage of the… Continue reading California Enacts Strict Privacy Law
Last month, Senators introduced two bills aimed at increasing privacy protections for consumers. The Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act would authorize the Federal Trade Commission (FTC) to promulgate regulations that improve consumer control over how data is collected and used. The second piece of legislation, known as the Social Media… Continue reading New Privacy Legislation Introduced in the U.S. Senate
Recently passed amendments to Oregon’s Consumer Identity Theft Protection Act take effect on June 2, 2018. One of the most significant changes is to require notice to consumers, and Oregon’s Attorney General if the breach impacts more than 250 consumers, “not later than 45 days after discovering or receiving notification of the breach of security.”… Continue reading Oregon’s New Breach Notification Deadline
One of the most talked-about provisions in the GDPR is a new 72-hour breach notification requirement. Article 33 of the GPDR mandates that “in the case of a personal data breach, data controllers shall without undue delay” notify the supervisory authority “not later than 72 hours after having become aware of” the breach. The Article… Continue reading 72-Hour Breach Notification Rule