Another Data Privacy Law? Colorado Enacts the Colorado Privacy ActColorado became the third state to enact comprehensive data privacy legislation when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on July 8, 2021. The CPA shares similarities with its stateside predecessors, the California Consumer Privacy Act (CCPA), the California Privacy Rights Enforcement Act (CPRA), and the Virginia Consumer Data Protection Act (VCDPA), as

Privacy Moves to the East Coast: Virginia Set to Enact Comprehensive Consumer Data Protection LawVirginia is primed to become the next U.S. state to pass comprehensive data-privacy legislation with striking similarities to the California Consumers Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the E.U.’s General Data Protection Regulation (GDPR).

The legislation, known as the Consumer Data Protection Act, passed the Virginia House of Delegates on January

2020 Brings Times of Change: Key Privacy Law Updates This YearThe privacy law landscape is constantly changing, and it can feel like a daunting task for businesses to keep up with the laws of 50 states in the U.S. plus any international laws that also may be applicable. 2020 seems to be a banner year for change on many fronts. COVID-19 and the 2020 elections

Schrems II, Part 2 — Additional Guidance for the Transfer of Personal Data Between the EU and U.S.Additional Impacts of the Invalidation of the EU-U.S. Privacy Shield

As previously advised, on July 16, 2020, the Court of Justice of the European Union (CJEU) issued a lengthy and detailed opinion invalidating the EU-U.S. Privacy Shield. The decision required immediate changes in the transfer of “personal data” between the European Union (EU) and

Impacts of the European Union invalidation of the EU-U.S. Privacy Shield

Initial Guidance for the Transfer of Personal Data between the European Union and the United States

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a very lengthy and detailed opinion invalidating the EU-US Privacy Shield (Decision 2016/1250), thereby requiring an immediate re-assessment of transfers of Personal Data between the European Union (EU) and the