Global Scope of the GDPR & Applicability to Companies in the United States

So this is the question that is coming up more and more here in the United States – Does the GDPR apply to our company?

Remember that the GDPR was put in place to protect individuals from improper use of their personal data, to allow them to freely move that data, and to let them enjoy certain other rights with respect to it. While its reach is broad, the GDPR does not apply to processing of data that falls outside the scope of EU law (processing for public safety or government issues is not subject to it). If your company interacts with customers within the EU for purposes of trade, and you store, process or share EU citizens’ personal data, then the GDPR rules apply to your company.

GDPR’s Restrictions on “Processing” of Personal Data

At the heart of it, the European Union’s new data privacy legislation, the General Data Protection Regulation (“GDPR”), restricts what the companies that hold or manipulate personal data of individuals can do with it, and what type of consent is required for what acts. Like all regulations, it has a number of defined terms, which must be understood to grasp the coverage of the GDPR. In summary, it covers a lot of activities that companies may not have thought would be regulated.

Privacy Law – The EU’s General Data Protection Regulation (GDPR) – Data Breaches

We will be doing a number of posts on the European Union’s General Data Protection Regulation (“GDPR”) as it will be taking effect in May of 2018. Unlike its predecessor, the GDPR is not a directive but a regulation, meaning that all EU member countries have to comply with its explicit terms (unlike a directive, which they are to incorporate into their domestic law). The GDPR applies to a lot of data, but only that which is “personal data”, defined as “any information relating to an identified or identifiable natural person (‘data subject’)”.

One of the important new aspects of the GDPR versus any European predecessor is that it defines the term “personal data breach”, and sets forth notification requirements to both the jurisdiction and the individuals that were/could be affected by the breach.

Overview of US Privacy Law

One of the current and future hot button legal issues is privacy law. As technology progresses, how it intertwines with privacy rights is going to be an interesting area. There are many instances where people knowingly and willingly forgo certain rights to privacy, like allowing certain apps to track their movements or share certain information with the world. There are many instances where people give up part of their privacy rights without even knowing it.

There are a host of areas that people in the United States think of as “privacy” rights, some of which are (1) our individual right to choose to be alone (to not be taped or viewed in private), (2) decisional privacy (right to contraception, access to abortion, right to marry whomever you choose, right to procreate), (3) information privacy (right to not have your information disclosed to third parties), and (4) others. Each of the privacy rights that we hold as individuals may arise from different areas of law, including constitutional law, statutory law, agency regulations and even social norms.