Privacy update: Brazil, Schrems and California

Tactical tips for managing changes in the privacy landscape

Black man typing a message at the beach The global privacy landscape has seen major developments over the past few months. Brazil’s Lei Geral de Proteção de Dados (LGPD) came into effect sooner than expected and the EU’s Court of Justice (CJEU) decision in the Schrems II decision invalidated the EU-US Privacy Shield framework. Finally, updates to the California Consumer Protection Act (CCPA) included finalization of the Attorney General’s implementing regulations and an amendment to extend employee/B2B data carve-outs.

“The privacy regulatory environment, as we all know and understand, is evolving and we expect it to continue to evolve for years to come,” said Privacy and Data Protection Principal Lindsay Hohler. “Even with so many changes, there are a lot of ways organizations can support a constantly changing environment like what we see in privacy right now,” said Privacy and Data Protection Senior Manager Ariana Davis.

In this podcast, Hohler and Davis provide an update on the regulatory landscape, how to respond to these changes in the short term and how to support the adaptability and maturity of a privacy program leveraging the “three lines of defense” model, with privacy positioned on the second line of defense as an assurance function.


Lindsay HohlerLindsay Hohler
Principal, Privacy and Data Protection
T +1 703 847 7529

Davis ArianaAriana Davis
Senior Manager, Privacy and Data Protection
T +1 212 624 5336