Privacy Compliance & Data Security Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • Washington State Introduces Privacy Legislation That Goes Beyond CCPA “We see your CCPA and we raise you some GDPR,”  says Washington state with a new privacy bill. If passed, the Washington Privacy Act would go into effect on July 31, 2021 and would enact a comprehensive law that includes individual rights that go beyond CCPA. Key provisions that go beyond CCPA: Strong provisions that align with GDPR (e.g data minimization, purpose limitation, controller processor distinction) Commercial facial recognition provisions Obligations to perform data risk assessments Opt-in consent for the processing of sensitive data (including information... More
  • Study: Few Consent Management Platforms Meet GDPR Cookie Requirements A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent. The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements. The rules say consent must be explicit. So, for example, users must click a button rather than just hop straight through to the website; all aspects of consent must be equally easy to... More
  • California Attorney General Issues Consumer Advisory on CCPA “In California we are rebalancing the power dynamic by putting power back in the hands of consumers. I encourage all Californians to take a moment to understand their new rights and exercise these rights to take control of their personal data,” wrote California Attorney General Xavier Becerra. “Becerra has issued an advisory for consumers highlighting their new rights as part of the California Consumer Privacy Act (CCPA), which went into in effect on January 1, 2020. The advisory describes consumers’ basic... More
  • Could California Earn Its Own Data Transfer Adequacy Status With the EU? “Adequacy” seems to be the hardest word. On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.? This question emerged during the third annual review of the data-transfer agreements at the European Parliament. If the Court of Justice of the EU invalidates Privacy Shield, and California applied... More
  • CA Senate Proposes Expanded CCPA Carve-Outs Related to HIPAA, Biomedical Research On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out. AB 713, reported favorably by the California Senate Health Committee, would expand the exemption related to HIPAA and medical research. Specific carve-outs: De-identified PHI or medical information, provided that the business does not attempt nor actually re-identify the information “Business associates” Personal information collected for, or used in, biomedical research subject to institutional review board standards and the Common Rule. Personal information collected for or used in research,... More
  • What is Online Privacy Worth? How much is that privacy in the window? Researchers behind experiments on people’s willingness to pay for privacy, including Angela Winegar, Cass Sunstein and Alessandro Acquisti argue that consumers’ behavior and preferences aren’t a reliable indicator of how they value their own privacy, let alone how a society as a whole should value it. “Study after study has found that people’s valuations of data privacy are driven less by rational assessments of the risks they face than by factors like the... More
  • Politico: Some EU Data Protection Leaders Voicing Concerns About GDPR Enforcement Wherefore art thou GDPR? Some EU supervisory authorities are voicing dissatisfaction with enforcement of GDPR to date. “After nearly one and a half years we must concede that we have a huge problem with the enforcement of cross border processing especially by globally acting companies,” says a spokesperson for the Hamburg data protection authority authority, referring to cases that concern web users in more than one country. “It is absolutely unsatisfactory to see that the biggest alleged data protection violations... More
  • CNIL: Continuous, Systematic CCTV Surveillance at Schools Excessive French Data Protection Authority CNIL has weighed in on CCTV surveillance in schools. CNIL received 25 complaints regarding systematic surveillance of students throughout their day, whether during their recess, during their lunch in the canteen or even during their class time. These cameras also made it possible to film almost constantly a part of the staff. “It is possible to film access to buildings (entrances and exits) and circulation areas, in particular to ensure the safety of students, agents and property and... More
  • With Fate of Federal Privacy Law Uncertain, More States Expected to Follow California’s Lead “Though it’s hard to predict what will happen with regard to a federal privacy bill in 2020, the reality is that the CCPA is here and other states will surely follow,” writes Jedidiah Bracy of the International Association of Privacy Professionals. “In addition to driving policy talks in the nation’s capital, the CCPA may also become a blueprint for other U.S. states to issue their own laws. New York, Illinois and Washington state are all expected to issue draft laws in... More
  • Digital Advertising Alliance’s CCPA Opt Out Tools Launch January 1 The Digital Advertising Alliance (DAA) announced that its web- and app-based tools are expected to go live on Jan. 1, 2020, as the California Consumer Privacy Act (CCPA) takes effect. The web-based tool will enable consumers to express an opt out from sale of their personal information, including its use for interest-based advertising, by companies that collect data across sites and are offering a CCPA opt out to the sale of information through the tools. (An app version of the... More