Posts by Lynn Goldstein
Assessments in an AI World – Requirements for US State Privacy Laws
By: Lynn Goldstein and Peter Cullen Data Protection Assessment required by U.S. state privacy laws call for balancing of all stakeholder’s risks and benefits but don’t tell how to balance…
Read MoreMultistakeholder Sessions Set the Tone for the New Wave of Demonstrable Assessments (Part 1)
By: Lynn Goldstein and Barb Lawler This month the IAF held a multistakeholder session featuring our research on Demonstrable Assessments for U.S. State Privacy Laws, attended by regulators, academics and…
Read MoreA recent EDPB decision on criteria for a GDPR Main Establishment in the EU puts the use and benefits of BCRs potentially at risk.
By: Lynn Goldstein & Steve Wood Binding corporate rules (BCRs) form a crucial governance and data protection strategy for many multinational organizations, including many IAF members. A recent EDPB decision…
Read MoreCJEU Case in SCHUFA Has Implications Beyond Credit Scoring
The European Court of Justice opinion that credit scoring constitutes automated decision-making under GDPR Article 22(1) has broader implications beyond credit-scoring. The ruling by the court “to fill a legal…
Read MoreThere Is Privacy Law Innovation in the United States
U.S. states are leading innovation in data protection law and regulation. Four states (California, Colorado, Connecticut, and Virginia) have enacted laws that require data protection assessments (DPAs), and three states…
Read MoreThe Overturning of Roe v. Wade Undermines the Right to Privacy
The effect of the United States Supreme Court’s overturning of Roe v. Wade is not limited to the right to abortion and bodily autonomy. Its consequences, as some have worried,…
Read MoreThe Right to Privacy is as Important as the Right to Use Guns
Due to the recent mass shootings, especially those of shoppers at a Buffalo supermarket and of school children in Uvalde, there is much attention on the Second Amendment’s “right” to…
Read MoreThere are Many Reasons to Worry About Data Transfers, but the Austrian DPA Second Google Analytics Decision Should not be one of Them
noyb’s posting that the “risk-based approach” to data transfers has been rejected is disingenuous. Moreover, the Austrian Data Protection Authority’s second Google Analytics decision is poorly reasoned and is based…
Read MoreLesson from the North: The Expectations for Federal Privacy Legislation Will Overwhelm the Process
By: Lynn Goldstein & Marty Abrams Are the goals of a comprehensive U.S. privacy bill to cure the ills of surveillance capitalism? Algorithmic discrimination? Labor displacement through AI? Data monopolies…
Read More