Archives

The FTC Faces New Hurdles After Eleventh Circuit Decision

This post is authored by Kacey Jennings, a second-year law student at Villanova University’s Charles Widger School of Law. Ms. Jennings is a legal-intern with the XPAN Law Group. When I was growing up, you couldn’t ask Alexa to play the newest album from your favorite artist. There was no Spotify or Apple Music in […]

The Shared Responsibility Model: Balancing Liability in a Matrix of Service Providers

As companies continue to develop new and innovative technologies, streamlining and automating operations, there is an increasing reliance on a number of third-party services to provide services and efficiencies. Each of these third-party providers adds (or attempts to add) a unique new *twist* on the old: more functionality, hopefully improved security, and any other add-ons […]

Privacy is a Blue Chip Investment for Businesses

I recently read an article in the wake of the precipitous drop in Facebook stock, titled: “Facebook ‘puts privacy first’ and stocks plunge 20%”. The title alone was enraging. To suggest that prioritizing privacy can cause Facebook to suffer a devaluation is preposterous and a serious disservice to companies everywhere. But, before the air gets […]

So, it begins: California adopts legislation that reminds many of the GDPR

A common question that we receive at our firm is: will the U.S. adopt legislation similar to the GDPR? And, if yes, what will that look at? Well, let us look into our “magic-8” ball . . . . And, no surprise, it looks like privacy is moving (slowly) across the pond to the US […]

Privacy Is the New Black

It seems to have all started with the Health Insurance Portability and Accountability Act (HIPAA), which was passed in 1996 and signed into law by President Bill Clinton. Then, after stumbling around for almost a decade, in 2009 the HITECH Act was signed by President Barack Obama which gave the necessary teeth to the privacy […]

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

This article originally appeared on KuppingerCole Analyst’s Blog on June 26, 2018 and is available in its original here. * * * * * Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before […]

Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16

How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest news, shopping, and friend’s updates all on the same platform — companies are increasingly trying to harness those platforms to drive customers to them.  Even our firm has a Facebook page, a LinkedIn page, and a […]

The GDPR and Higher Education #4: International Data Transfers

We are concluding our series on the Impact of the European Union’s General Data Protection Regulation (“GDPR”) on Higher Education Institutions located in the United States.  The first post frames the application of the GDPR to higher-education institutions; the second post focuses on the two key roles under the GDPR:  data controllers and data processors; and the third post focuses on data processing and key rights under the GDPR.  This final post in the series discusses the data transfer provisions under the GDPR:  key to US-based institutions that intend to transfer data related to EU data subjects to the United States.

The GDPR and Higher Education #3: Lawful Data Processing and Data Rights

As we discussed in our first and second blog posts, higher education institutions — including those in the United States — are impacted by the forthcoming European Union’s General Data Protection Regulation (“GDPR”).  We continue our conversation in this post, focusing on the actual processing of data and the rights of data subjects.

The GDPR and Higher Education #2: Universities as Data Controllers & Data Processors

As we discussed in our first blog post framing the impact of the European Union’s General Data Protection Regulation (“GDPR”) on higher education, there are a number of key GDPR provisions that higher education institutions should be aware of when contemplating GDPR compliance.  This second blog post will focus on data controllers and data processors, key definitions and roles under the GDPR.