Data Privacy Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • Ireland: Employees Subject to Vehicle Tracking Must Be in the Know Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles, are used. Employees must be informed of the existence of tracking and how it operates, as well as being clearly informed of all the purposes for which their personal data is to be used, in advance of any such tracking being implemented. This means that the employer must clearly explain to... More
  • French Data Protection Authority Offers Guidance on Cookies, Trackers The French data protection authority (CNIL) recently issued detailed guidance on online cookies and trackers. The guidance includes four documents: Guidelines, Recommendations, FAQs, and a specific statement on audience measurement. Here are some highlights: You can offer users a global consent to a set of purposes if you present, in advance, all the purposes pursued, for example “accept all,” “refuse all.” Present each purpose with a short and prominent title, accompanied by a brief description. Make the exhaustive and regularly updated list of... More
  • German Transport Authority, Information Security Office Plan Cooperation on Autonomous Vehicles The German Federal Motor Transport Authority (KBA) and the Federal Office for Information Security (BSI) recently signed an administrative agreement for cross-departmental cooperation to facilitate and accelerate the safe development of automated and networked driving. “Anyone who buys a new car today assumes that they will receive a safe vehicle. Modern cars are moving high-performance computers that depend to a large extent on digital technology and are to be controlled autonomously by this in the future. The question of safety must... More
  • EDPB Addresses Data Exchange With International Organizations Under GDPR How does GDPR apply to the transfer of personal data from an EU entity to an international organization? “Entities subject to the GDPR that exchange personal data with international organisations have to comply with the GDPR, including its rules on international transfers (Chapter V of the GDPR),” says the European Data Protection Board in a response letter to Miguel de Serpa Soares, Undersecretary General for Legal Affairs and UN Legal Counsel. “The EDPB guidelines on the territorial scope of the GDPR clarify... More
  • CCPA Amendments Address Deidentified Health Data California lawmakers recently passed legislation that amends the California Consumer Privacy Act. “The most significant outcome of AB 713’s passage is that, pending California Gov. Gavin Newson’s signature, information that is deidentified is exempt from regulation under the CCPA if the information is (1) derived from patient information that is protected under HIPAA, the California Confidentiality of Medical Information Act, or the Federal Policy for the Protection of Human Subjects, also known as the Common Rule; and (2) created pursuant to... More
  • Illinois Attorney General Discusses New Data Breach Law, Future Privacy Legislation “The Illinois General Assembly has evaluated numerous proposals similar to the CCPA. Illinoisans want to know that their personal information is protected, and they have a right to know who is collecting their data, for what purpose, and within reason, a right to request that data to be deleted if it is not needed. I will continue to work with the industries that collect this data to develop policies that afford consumers basic data protection rights that are also feasible... More
  • IAPP: What to Expect on Revised Standard Contractual Clauses in Light of Schrems II “It is unknown what the new [Standard Contractual Clauses] will say on ‘Schrems II’ … It would be surprising if the new SCCs did not address the CJEU decision, but it may be overly optimistic to think that they will provide the much-needed certainty that privacy professionals are looking for. The additions are likely to be reasonably high level and generic and unlikely to replace the case-by-case assessment that the ‘Schrems II’ decision seems to require from controllers that want... More
  • Could There Be a Schrems II Data Transfer Solution by Christmas? It’s beginning to look a lot like (a Schrems II solution by) Christmas. “A revised mechanism allowing companies to transfer Europeans’ data around the world may be ready before Christmas,” said EU digital chief Margrethe Vestager. “My colleagues Vera Jourova and Didiers Reynders are working very, very hard to look at standard contractual clauses, at least for that to step in as an intermediate solution. They are very ambitious and hope that it can be in place before Christmas … because the... More
  • U.S. Outlines Privacy Safeguards for Post-Schrems II Data Transfers The U.S. government has published a whitepaper that outlines the robust limits and safeguards in the United States pertaining to government access to data in an effort to assist organizations in assessing whether their transfers offer appropriate data protection in accordance with the European Court of Justice’s (ECJ) Schrems II ruling.   Key Takeaways Particularly in view of the extensive U.S. surveillance reforms since 2013 … the U.S. legal framework for foreign intelligence collection provides clearer limits, stronger safeguards and more rigorous independent oversight than the equivalent laws... More
  • Newsom Signs CCPA Employee and B2B Carve-Out Extensions AB1281, the California Consumer Privacy Act amendment extending the employee and B2B carve-outs, has been signed by Governor Newsom. Unless affected by the passing of the California Privacy Rights Act ballot initiative, the carve-outs will apply until January 1, 2022. Governor Newsom Issues Legislative Update 9.29.20  ... More