Photo of Jenny L. Colgate

In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated.  Further, and broader than the invalidation of Privacy Shield adequacy decision, the Schrems II judgement found that US surveillance measures interfered with what are considered “fundamental rights” under EU law, i.e., the rights

On Friday, January 28, 2022, the California Office of Attorney General issued a press release announcing that California DOJ sent notices alleging non-compliance with the California Consumer Privacy Act (CCPA) to a number of businesses operating loyalty programs in California.  The press release stated, inter alia:

“Under the CCPA, businesses that offer financial incentives,

On August 13, 2018, the Associated Press published a story: “Google tracks your movements, like it or not.”  (https://apnews.com/article/north-america-science-technology-business-ap-top-news-828aefab64d4411bac257a07c1af0ecb)  According to the article, computer-science researchers at Princeton confirmed findings that “many Google services on Android devices and iPhones store your location data even if you’re using a privacy setting that says it will

It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework.  As a result, companies were forced to reexamine their transfers of personal information out of the EU, and the safeguards that they rely on

France recently fined Alphabet Inc’s Google $169 million and Meta Platform’s Facebook $67 million on grounds that the companies violated the EU e-Privacy directive (aka the EU “Cookie Law”) by requiring too many “clicks” for users to reject cookies.  The result was that many users just accepted the cookies, thus allowing the identifiers to track

On August 20, 2021, China passed its first general data protection law, called the Personal Information Protection Law (“PIPL”).  The law is set to take effect on November 1, 2021 (two months away), and it applies to both (1) in-country processing of personal information of natural persons; and (2) out-of-country processing of personal information of

On April 22, 2021, the Supreme Court issued a unanimous decision finding that the FTC lacks authority to pursue equitable monetary relief in federal court under Section 13(b) of the Federal Trade Commission Act (the “FTCA”). The result means that defendant Scott Tucker does not have to pay $1.27 billion in restitution and disgorgement, notwithstanding

In December 2020, Apple started requiring Apps to display mandatory labels that provide a graphic, easy-to-digest version of their privacy policies.  They are being called “privacy nutrition labels,” presumably a reference to the mandatory FDA-required “Nutrition Facts” labels that have appeared on food since 1990.  Below I offer ten thoughts related to these new labelling

While Europe is leveraging hefty fines against violators of the EU General Data Protection Regulation (GDPR) (here is a tracker of recent fines: https://www.enforcementtracker.com/), the United States Supreme Court heard oral arguments last month on whether the FTC – the chief federal agency on privacy policy and enforcement since the 1970s – lacks authority