The U.S. data protection law landscape is moving fast since the GDPR arrived in the EU. This movement happens mostly at the state level so far, the CCPA being the best known of these new laws. The California Consumer Privacy Act (CCPA) is indeed a significant advancement for the Golden State data privacy legal framework. The U.S. doesn’t yet have a nation-wide federal data privacy law. But this day may come, as the need to unify a patchwork of U.S. data privacy laws grows.[Read more…] about U.S. Data Privacy Laws: CCPA, HIPAA, COPPA… and soon a Federal Data Protection Act?
OPINION. In its fight against Covid-19, China makes intensive use of the personal data of its people, while the EU doesn’t – yet. Big data analytics “for the common good”, including large-scale monitoring of population movements and identification of potential cases is a significant innovation in the management of this epidemic. This should be done, but with privacy in mind.[Read more…] about We Should Weaponize Personal Data to Fight Covid-19, with Privacy in Mind
Data Privacy in China is usually only mentioned in discussions on state surveillance, and the legitimate concerns it raises. A lesser known question is the development of obligations for companies towards consumers, i.e. consumer privacy rules. This post focuses on their evolution, culminating with China’s Cybersecurity Law, and their comparison with data privacy rules in the U.S. and the EU.
This post summarizes the main results of my law review article “China’s Approach on Data Privacy Law: A Third Way Between the U.S. and the EU?” to be published in the Penn State Journal of Law and International Affairs, vol. 8.1. This law review article comprehensively details the results of a research that is part of my Ph.D earned from Shanghai Jiao Tong University. Whereas the present post only aims at “briefly” presenting the main findings in a more casual fashion.[Read more…] about Data Privacy Law in China: Comparison with the EU and U.S. Approaches
Will the EU Standard Contractual Clauses survive the new battle between Facebook and Maximilian Schrems? On October 3, 2017, the Irish High Court issued a decision requesting the CJEU to evaluate the validity of the EU Standard Contractual Clauses (SCCs). These clauses are used to export personal data collected in the European Economic Area (EEA) to a third country.
By this decision, the High Court acknowledges that there are “well-founded grounds for believing that [the EU Standard Contractual Clauses] are invalid,” and that it is therefore necessary to refer them to the CJEU to ensure uniform data protection in the EU (see paragraph 338 of the judgment).