Data Privacy Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • Identifying Supply Chain Cybersecurity Risks: Tips From Down Under The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers. A key area flagged is foreign control, influence and interference and suggests a questionnaire for the suppliers which includes the following questions: What access might a foreign government gain in controlling or interfering with the business? What access does the business’ products or services have within their customers’ environments? Where does the business operate? Where is the business headquartered? Who has controlling shares in the... More
  • NY Law Addresses Use of Biometric Technology in Schools A new New York state law prohibits the use of biometric technology in New York state schools until the later of (i) July 1, 2022 or (ii) the Commissioner of Education completes a study and issues a report to facilitate the creation of a comprehensive statewide regulatory system governing the use of such technology. The report is required to consider: the privacy implications of collecting, storing, and/or sharing biometric information individuals entering a school the potential impact of the use of biometric... More
  • EU-UK Deal Includes Temporary Cross-Border Data Transfer Provision In atypical 2020 fashion, Santa actually gave UK the #1 present on its Christmas list: adequacy for cross-border data transfers from the EU as part of an overall trade deal. Bloomberg reports the deal will include an interim solution for a maximum of 6 months while the European Commission considers a full adequacy decision for the UK. The deal also requires the U.K. to suspend its own data protection rules until the adequacy decision has been finalized. Details from Bloomberg.... More
  • Brexit Implications for Companies With UK-Based HR, IT or Payroll Partners Do any of these things pertain to your business? Are you outsourcing your HR, IT or payroll function to a UK-based organization? Are you using a UK-based marketing company to send marketing communications to your customer database? Is your occupational health provider based in the UK? Is your pension scheme based in the UK? Are you using translation/transcribing services of a UK-based company where you might be sending personal data of employees, customers or suppliers? Are you using a UK-based company to analyze data on visitors... More
  • Waiting for EU-U.S. Privacy Shield Replacement? Don’t Hold Your Breath Winter is coming. “I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield like solution will last for a while,” European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski told Reuters “If you ask me what will be the attitude of the new administration towards the possible changes in American law on national security … that is first of all... More
  • Norway’s Data Protection Authority Offers Brexit Warning on Data Transfers to the UK Norway’s Datatilsynet does not mince words in its Brexit guidance: “On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom after this date must follow the rules on the transfer of personal data to third countries.” “If the European Commission does not give the UK an adequacy decision before the New Year, companies that transfer personal data to the UK must ensure a transfer basis and comply with... More
  • California Issues Fourth Set of Amendments to CCPA Regulations On the first night of Hannukah, the California Department of Justice gave to me … a fourth set of amendments to California Consumer Privacy Act regulations … and a form opt out button (!?) Key changes: Offline notice:  A business that sells personal information that it collects in the course of interacting with consumers offline shall also inform consumers by an offline method of their right to opt out and provide instructions on how to submit a request to opt out. If in... More
  • Council of Europe Lists Priorities for Securing Growing Number of Connected Devices “Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and availability of products and data, which can directly affect safety,”  says the Council of Europe in its “Conclusions on the cybersecurity of connected devices.” Additional points: Cybersecurity and privacy should be acknowledged as essential requirements in product innovation, the production and development processes, including the design phase (security by design), and should... More
  • EDPB Issues Guidance on Its Coordinated Enforcement Framework The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology The CEF is the foundation on which the annual coordinated action is built (the ‘rulebook’ for coordinated action). The objective of the CEF is to facilitate joint actions in the broad sense in a flexible but coordinated manner. Details in... More
  • European Parliament Addresses Smart Mobility Apps, Data Privacy and C-ITS The European Parliament issued a detailed study on the impact of smart mobility applications on the future of transport and addressed some data protection issues. Public authorities should further specify legislation for data privacy and protection. (e.g. addressing how drivers can grant third parties’ consent to use their data, where processing data is necessary for a task carried out in the public interest). The Cooperative Intelligent Transport System (C-ITS) industry and vehicle manufacturers should develop systems flexible enough to guarantee full control... More