Extraterritorial Application of The GDPR

By:  Ron Moscona, Jamie Nafziger and Clint Conner The EU General Data Protection Regulation (GDPR), which is billed as the most important development in data privacy regulation in at least 20 years, arrived with a bang in May of this year and companies have been scrambling to implement compliance measures that will avoid its stiff… Read More

Claimed Failure to Disclose GDPR’s Collateral Impact Leads to Class Action Against Nielsen Holdings

In what could be a harbinger of things to come for business models negatively impacted by the throttling of data flow under the European Union’s General Data Protection Regulation (“GDPR”), Nielsen Holdings (“Nielsen”) was named in a putative class action complaint on August 22, 2018, for allegedly misrepresenting the anticipated effects of GDPR on Nielsen’s business model.  Importantly, the class action takes aim not at Nielsen’s ability to comply with GDPR, but rather the effects of GDPR on the big data platforms used by Nielsen.  Nielsen provides consumer market analytics, particularly regarding digital media and e-commerce.  When big data platforms and associated analytic providers began restricting access to consumer data in order to comply with GDPR, it apparently negatively impacted Nielsen’s business model.  Those effects surfaced in Nielsen’s latest Q2 financial report, causing its stock to drop by more than 25 percent, and giving rise to the class action claims.

Financial Industry Groups Should Have a Pulse on the California Consumer Privacy Act of 2018

Financial institutions that are grappling with how the European Union’s General Data Protection Regulation (“GDPR”)may impact their U.S. operations should also be keeping a close eye on the California Consumer Privacy Act of 2018 (“CCPA”).  The CCPA, or Assembly Bill (“AB”) No. 375, which was passed on June 28, 2018 and is set to take effect in 2020, mirrors some GDPR protections by providing California residents greater control over the dissemination of their personal data, including the option of barring companies from selling their data. 

Proposal for new European ePrivacy Regulation

On 10 January 2017, the European Commission announced its proposal for new legislation which would update the law relating to privacy in electronic communications. The Commission has proposed a draft ePrivacy regulation that would repeal and replace the existing ePrivacy Directive (2002/58/EC) (“ePrivacy Directive”). The draft regulation aims to further the Commission’s Digital Single Market Strategy by complementing and conforming privacy rules in the telecommunications sector with the General Data Protection