The European Union’s General Data Protection Regulation (“GDPR”) is well known as the toughest privacy and security law in the world, as it has a wide reach and imposes heavy fines against those who violate its privacy and security standards (which are quite broad). The impact of the GDPR has already been felt in the United States since it went into effect in 2018, and now U.S. lawmakers in numerous states are moving to enact similar legislations. The California Consumer Protection Act (“CCPA”) was the first instance of the GDPR’s impact in the United States, as California put in place a statute and regulations that mirrored the GDPR in several respects. Now Virginia has set in motion what could be a year-long string of states enacting similar legislation. In particular, Washington and New York have proposed legislation following the framework of the CCPA. This article will compare the CCPA to the newly enacted and proposed privacy laws in the United States.
Continue Reading GDPR in the USA? New State Legislation Is Making This Closer to Reality

In the News

It has now been more than four months since the GDPR was enacted, leaving corporations around the world grappling with the implications.  Bryan Clark recently offered some insights in Digital Journal’s “Q&A: Analyzing GDPR’s Impact So Far,” where he discussed the impact of GDPR on people and companies operating outside of Europe, similar privacy laws that may impact the U.S., how businesses can prepare for new privacy laws, and the impact on consumers.
Continue Reading In the News: Media & Privacy Risk Report Editors Blaine Kimrey and Bryan Clark Discuss GDPR in AdExchanger and Digital Journal

Match stick DeskJust when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”).  The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States.  There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:
Continue Reading California and GDPR “light”: A Match Made in Plaintiffs’ Lawyers’ Heaven?