Higher education institutions face new data security challenges, including increased “global regulatory requirements on data privacy,” JacksonLewis attorneys blogged Friday.
Cross-Border Data and Transfers
Cross-border data transfers are a flashpoint in global privacy law, particularly between the EU and U.S. Mechanisms like the EU-U.S. Data Privacy Framework and Standard Contractual Clauses face ongoing scrutiny by courts and regulators as global corporate operations must sync with divergent national regulatory environments. This legal uncertainty has pushed companies to adopt more rigorous transfer impact assessments and contractual safeguards. This page tracks regulatory developments, enforcement actions, and emerging requirements for international data flows.
Most changes to the U.K.'s data protection regime will ease data flows between the U.K. and EU, but some should be clarified and monitored, the European Data Protection Board (EDPB) said Monday.
Privacy is an ever-evolving landscape, meaning that company privacy policies, technologies and teams must be constantly updated, panelists said Wednesday during a webinar hosted by Didomi, a consent-management software vendor. With enforcement actions by regulators increasing and legislators continuing to implement new laws, companies must stay on top of the latest developments, they added.
DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
Though many digital health apps and online platforms fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA), courts and regulators are using other tools to expand enforcement against them when they share sensitive health data without consent, said Sheppard Mullin lawyers in a blog post.
Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.
Brazil ensures a level of data protection comparable to the EU's and merits an adequacy decision to allow cross-border data flows, the European Commission said Friday.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.
Congress should amend the Gramm-Leach-Bliley Act and preempt all state privacy laws from regulating financial services, the Mortgage Bankers Association (MBA) said in comments to the House Financial Services Committee.
As the next deadline nears for DOJ’s bulk data transfer rule, “businesses must continue to take proactive steps to understand and implement the rule’s complex compliance requirements,” said Benesch privacy and tech attorneys in a blog post Friday.