Privacy Compliance & Data Security Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • CCPA Regulations: What if You Inadvertently Sell Personal Information? Commenters on the final California Consumer Privacy Act (CCPA) regulations asked what happens if you map your third party sharing and implement a process but still inadvertently sell personal information as such term is defined in CCPA? The California Attorney General responded: This is not an exception to the definition of sale but if you really have a process, and implement it and follow it, the Office of Attorney General may exercise prosecutorial discretion and not enforce. ... More
  • California Enters Privacy Law Limbo The California Privacy Rights Act (CPRA) is going on the November ballot and, if passed, will bring California data protection law closer to the European Union’s General Data Protection Reguation (GDPR), implementing concepts such as: data minimization retention limitation sensitive information limitation data protection risk assessments; and strong buttoning down of downstream service providers This means more compliance work for companies subject to CCPA. Even companies that are already subject to GDPR will have compliance work to do. More details in this Wall Street Journal story about... More
  • California Attorney General: CCPA Enforcement is Underway On the first day the California Consumer Privacy Act became enforceable, California Attorney General Xavier Becerra issued the following public statement: “Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America. We encourage every Californians to know their rights to internet privacy and every business to know its responsibilities. The website of every business covered by the law must now post a link on its homepage that says ‘Do Not Sell My Personal... More
  • CCPA Compliance: Facebook Announces ‘Limited Data Use’ Feature Facebook has announced that it is introducing a new feature businesses can use to limit how they use the data they send to Facebook, called “Limited Data Use,”  with the result that Facebook would process the information as a “service provider” under the California Consumer Privacy Act. (CCPA) To give businesses time to implement Limited Data Use, Facebook has initiated a transition period during which the default setting for California users will be that of the “limited use.” The transition period... More
  • European Data Privacy Regulators Promise to Enforce Data Privacy Despite Pandemic The COVID-19 pandemic has upended global business, but European regulators say it won’t stop them from promoting privacy and data protection, according to the International Association of Privacy Professionals. “What’s clear about the regulators’ enforcement strategies is that they each intend to keep pushing data protection forward, knowing its general importance is only growing as the effects of COVID-19 continue to take shape” Ireland: No particular stance across the board on any type of softening of approach. “We’ll consider any reasonable request... More
  • CCPA 2.0: The CPRA is on the Ballot in California For companies scrambling to button up their California Consumer Privacy Act (CCPA) compliance by the July 1 enforcement date,  some news out of the state capital of Sacramento: Per a memorandum issued June 24, 2020 by the California Secretary of State, the California Privacy Rights Act (CPRA), often dubbed “CCPA 2.0”, has collected a sufficient number of signatures to be included on the ballot in November 2020. CPRA sets out to amend and fortify CCPA and contains many concepts that will bring... More
  • CCPA Regulations: Are Audio Recordings Personal Information? A comment submitted to the California Attorney General’s final California Consumer Privacy Act regulations asked if audio recordings are personal information under CCPA and should they be included in the specific pieces produced as part of an access request? California Attorney General: Yes, and Yes. As a category, there is nothing that exempts audio data from the definition of personal information and so it should be included in the response. If another exception under the regs applies (e.g. inability to verify or inability... More
  • Apple’s Privacy-Focused ‘Nutrition Labels’ for Apps are Only a Start News in the privacy disclosure world. Apple announced it will require mobile apps to self-report data privacy practices and will display this as a “nutrition label” in the app. “Today, we require that apps have a privacy policy. Wouldn’t it be great to even more quickly and easily see a summary of an app’s privacy practices before you download it? Now, where have we seen something like that before? For food, you have nutrition labels; you can see if it’s packed with... More
  • CCPA Regulations: Are Vehicle ID Numbers Personal Information? Commenters on the final California Consumer Privacy Act (CCPA) regulations asked if a Vehicle Identification Number, even by itself, is personal information. Do you have to delete it? How do you address sharing of VINs with third parties for the purpose of an opt-out under CCPA? The California Attorney General replies: Whether or not VIN by itself would be personal information is a fact-specific determination. Whether or not a VIN is exempt from the right to delete is a fact-specific determination. Re opt-out: VIN is... More
  • Israeli Privacy Leaders Form Data Protection Foundation in Response to COVID-19 Tracing Plan Following the decision of the Israeli government to submit a bill allowing phone tracking by the Secret Service for the purpose of COVID-19 tracing, a group of Israeli privacy experts and leaders, including Haim Ravia, Tehilla Shwartz Altshuler, Karine Nahon, Michael Birnhack, Niva Elkin-Koren, Anat Ben-David, Eran Toch, former heads of the Israeli data protection authority Yoram Hacohen and Rivki Dvash and others, is forming a data protection foundation to serve as an alternative to the Israeli data protection authority. The Israeli authority, they say, has been excluded from the... More