Data privacy relates to personal information that is stored electronically and to the technology that deals with the collection, storage, and organization of such information. The more personal the information, the more protection it should be under. Personally identifiable information, including social security numbers, medical records, and financial data, must be heavily protected for obvious reasons. Different parts of the world consider different types of data "private." For example, European consumers typically believe that protecting names and addresses is much more necessary than consumers in the U.S. do, perhaps just from a difference of culture. When data ends up in the wrong hands or a large breach occurs, it could mean a loss of reputation for a company or a theft of identity for an individual.
Data privacy is the sexy new field that is no longer affecting only tech dorks. In today's world, a local boutique in Maine can ship to customers in Europe, and its collection of consumer data and how it's protected fall under data privacy laws.
The European Union's General Data Protection Regulation was implemented this month and is considered the most strict and costly privacy regulation ever to be enacted. The GDPR applies to EU-based companies that do business in the EU, as well as any U.S. company that has a web presence or markets products over the web... which means, basically, everyone.
Some of the most critical aspects of the GDPR include a 72-hour window of notification obligations for a data breach, requirements including appointing data protection officers to manage data collectors and processors, and heavy penalty provisions for failing to conform. In addition, from a consumer perspective, one has the right of erasure, meaning you can demand that a company erase all stored personal information it has on you. Consumers can also request their data from a company, so they can see at all times what information was collected. From this ability to "collect" your own data from a company arises the right of data portability, which companies are still unclear about. The right of data portability would allow an individual to obtain their information from one company and essentially share that same information with another company - meaning an individual's data can easily be copied and transferred in a safe and secure way. Companies are sweating this provision out, since the valuable information one company has collected and maintained can now easily be shared with its biggest competitors, without the competitors having to do any work.