Here’s a summary of the three new privacy laws signed by Gavin Newsom on October 8, 2025 in California: AB 566 – California Opt Me Out Act Requires browser developers (for browsers used by Californians) to include a built-in “opt-out preference signal” (sometimes called OOPS) that lets users send a global opt-out request for sale/sharing […]
The European Union has unveiled a series of significant updates to the GDPR framework that organizations should monitor closely. The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have welcomed targeted amendments focusing on record-keeping obligations for smaller entities — part of a broader effort to simplify compliance requirements. At the same […]
What happens to your GDPR Compliance Program in the event that the UK leaves the EU without striking an agreement with the EU. Here is a summary of actions you will likely need to take, followed by a more detailed explanation. Revise your standard contractual clauses for transfers from the EU to the UK […]
As the new sheriff in town, the GDPR casts a dark shadow over businesses processing direct marketing data. The regulation has businesses wondering if they must obtain new consents for their entire marketing database. The answer is “it depends.” This problem arises from Recital 171 of the GDPR which states: “Where processing is based […]
On May 25th, 2018, EU lawmakers unleashed the GDPR—a new privacy law capable of delivering a financial blow to businesses across the globe, not just in Europe. The data which drives email marketing programs must be processed and stored in accord with the GDPR. Recital 47 of the GDPR states: “The processing of personal data […]
Just when you thought you could catch your breath, California, on June 28, 2018, enacted the strictest data privacy law in the United States—the California Consumer Privacy Act (“CCPA”). With striking resemblances to the GDPR, the new law will carry with it broad implications for businesses providing services to, or collecting data from, California consumers. […]
The powerful nature of the GDPR has instilled fear among businesses across the globe. As most companies rush toward compliance, some try to hide behind others. Just weeks after the GDPR came into effect, the European Court of Justice (ECJ) decided a case that made clear that businesses cannot avoid liability by hiding behind other […]
In light of the GDPR’s stringent requirements for consent, HR departments will need to review the legal basis for processing employee data under employment contracts based on consent. The GDPR heightened the requirements for using consent as a legal basis, making this method risky and burdensome. The GDPR requires that consent must be: (1) freely […]
