Highlights of Brazil’s LGPD
Brazil became the latest country to draw inspiration from Europe’s General Data Protection Regulation (“GDPR”) and adopt its own national comprehensive legal framework for personal data regulation, called the Lei Geral de Proteção de Dados (“LGPD”). A comparison of some of the key topics covered by the GDPR and LGPD are summarized below:
||May 25, 2018
||August 15, 2020 (but enforcement will not begin until August 1, 2021)
||Up to the higher of €10 M or 2% of global annual revenue from preceding financial year
||Up to the lesser of 50 M reals or 2% of Brazilian sourced revenue from preceding financial year
||Personal data processing activities when:
1. Controller or processor is established in the EU, regardless of whether the processing takes place in the EU or not;
2. the data refers to individuals located in the EU when offering goods or services to such data subjects or monitoring their behavior;
3. carried out by a controller not established in the EU, but in a place where Member State law applies by virtue of public international law.
|Personal data processing activities when:
1. carried out
… Keep reading
As we’ve previously blogged about, the California Consumer Privacy Act (“CCPA”) is an exhaustive piece of legislation requiring organizations to heed and defend consumer rights relating to access to, sharing of, and deletion of personal information that is collected by businesses. In particular, the CCPA requires organizations to notify California consumers of the rights newly afforded to them under the CCPA. These rights are summarized in the graphic below.
Summary of Consumer Rights and Organization’s Related Responsibilities:
In addition to notifying California residents of their consumer rights, organizations need to provide at least two methods– including a toll-free phone number—for consumers to submit requests to exercise their rights. If the organization maintains a website, one of those methods needs to be a website address. If an organization operates exclusively online and has a direct relationship with the consumer, it does not need to provide a toll-free number and only needs to provide an email address as a designated method for submitting requests.
Response Requirements When Consumer Exercises a CCPA Right
Once an organization obligated to comply with the CCPA receives a California consumer request to exercise a CCPA right, it must disclose and deliver the information free of charge … Keep reading
Prior to the unique data security and privacy challenges unexpectedly presented as a result of a mass movement to remote working earlier this year, the California Consumer Privacy Act (“CCPA”) was one of the most highly anticipated regulation organizations were (or, should have been) preparing to comply with. Despite industry pressure to delay enforcement of the CCPA so organizations could continue to focus on mitigating further disruptions and damage to their operations caused by the COVID-19 pandemic, the California Attorney General has maintained his commitment to begin enforcement of the CCPA on July 1, 2020.
In preparation for the enforcement date, Burns & Levinson will be doing a series detailing some of the highlights of the CCPA, which technically went into effect on January 1, 2020. If the CCPA applies to your organization and you had not previously taken steps to bring your organization into compliance with Europe’s General Data Protection Regulation (“GDPR”), you may have significant work to do in order to bring your organization into compliance with the CCPA. If your organization has previously engaged in GDPR compliance, you may still have work to do. While there is some overlap between the regulatory and statutory requirements of … Keep reading
Chances are, if you have ever posted or published content on the web, or your company operates a website, you have heard the term “take-down notice.” Perhaps you have even been on the receiving end of such a notice, claiming that content on your website is owned by a third party, and that if you do not remove the content, your website will be taken down or a lawsuit will be filed claiming copyright infringement.
These notices are part of a mechanism available to copyright owners—including those who have not registered their copyrights— under a U.S. law called the Digital Millennium Copyright Act. This statute was enacted in the late 1990s as an attempt to bring the U.S. Copyright Act up to speed with society’s increased engagement via the Internet. The take-down procedure was introduced to provide a “safe harbor” for internet service providers that provide platforms for others to post content. Essentially, by following the procedures detailed in the DMCA, a website owner (or ISP) may be able to shelter him/herself from liability for infringement if a user posts infringing content, provided the website owner is not actively participating in or encouraging infringement and otherwise … Keep reading