Sent to subscribers in May 2019

Almost one year after GDPR Day, the European Union Member States have not yet fully completed their implementation of the EU General Data Protection Regulation (GDPR) into their national laws. While the GDPR became applicable as of May 25, 2018, and is fully in effect throughout the European Union, each Member State has the opportunity to make changes or additions to approximately 50 clauses of the GDPR. Some Member States have already done so, but a few are behind. In Supplement #29, we provide new information about changes in several Member States. 

In the meantime, the EU data supervisory authorities have begun enforcement actions against violators. These actions have resulted in a wide range of fines. The smallest fine so far is approximatively €5,000. The largest fine was assessed in January 2019 by CNIL, the French data supervisory authority, against Google and amounts to €50 million. A summary of the Googleopinion is provided in Chapter 06A. Google is appealing the decision primarily on jurisdictional grounds.

In addition to the GDPR, a new law has become “the talk of the town”: The California Consumer Privacy Act (CCPA). The CCPA was passed in California at the end of June 2018 and amended in August 2018. More than 40 amending bills have been filed in an attempt to amend it further. The CCPA is expected to take effect on January 1, 2020, unless a federal omnibus data protection law is passed in the U.S. Congress that supersedes the CCPA. As it stands currently, the CCPA grants California residents rights of information, access, erasure, and objection that have significant similarities with those provided to EU residents under the GDPR. The CCPA is of interest to all companies worldwide that do   business with California residents or are located in California. It also applies to companies that control a business that is subject to the CCPA. The scope of the law and its requirements are described in Chapter 65.

As we are approaching the 10th anniversary of this treatise, it is fascinating to look back and evaluate the significant changes, evolution, and expansion of the law of the protection of personal information.