Rules, rules, rules!

There is a long list of data protection-related policies that organizations present in the EU have implement for GDPR.

But do they really need them?

Here is Golden Data Law candid advice on what to invest in and what to avoid.

Because, let’s be honest, for resource strained nonprofits/not-for-profits deciding what not to do is just as important as deciding what to do and when…

ACKNOLEDGEMENT: Big thanks to Ismail Ali for his contributions to this article.

NOTE: This posting is part of a series of blog post by Golden Data Law dedicated to making freely available…


NOTE: This posting is part of a series of blog post by Golden Data Law dedicated to making freely available to the nonprofit community resources about privacy, data protection and cybersecurity. To learn more about us visit our site at https://goldendatalaw.com/

Since the General Data Protection Regulation (“GDPR”) went into effect in 2018, the European Commission has been working on creating a new version of the Standard Contractual Clauses (SCCs) that facilitate compliance with international data transfers restrictions (codified in Article 44 et sec. of GDPR.) …


The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal statute enacted by the 104th United States Congress which was signed into law by President Bill Clinton on August 21, 1996. The law required the creation of national standards to protect sensitive patient health information and gave the US Department of Health and Human Services (HHS) rulemaking authority.

HHS has issued the following rules:

  • HHS published a final Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health information by three types of…

This case in a nutshell

In this case the court found that, while legislative or discretionary powers or trusts devolved by charter or law on a council or governing body, or a specified board or officer, cannot be delegated to others, it is equally well established that ministerial or administrative functions may be delegated to subordinates or agents. [Sacramento Chamber of Com. v. Stephens, 212 Cal. 607, 299 P. 728 (1931)]

Therefore, under the charter of the city of Sacramento, the city council had power to enter into a contract with the Chamber of Commerce of that city, by which the latter agreed for a…


This case in a nutshell

This case revolves around an ordinance which decrees that the salaries of certain city employees shall be no less than the average of those of an adjoining city and those of an adjoining county.

Defendant’s main contention rested upon the proposition that the enactment of the ordinance by either the council or the electorate would constitute an unlawful delegation of legislative power.

The court found that there is no unlawful delegation of legislative power where the power to legislate has been expressed and exerted in the enactment of the policy of such parity. Future adjustment in salaries pursuant to that…


This case in a nutshell

At issue in this case was whether the Public Utilities Commission (the PUC) had the authority to implement the Electric Program Investment Charge (EPIC). EPIC required electric utility corporations serving California to collect a surcharge on their ratepayers’ electricity bills to fund renewable energy research, development, and demonstration projects with the aim of making electricity service cheaper, safer, and more reliable for the corporations’ own ratepayers. The Southern California Edison Company (SCE), one of the three large investor-owned utilities required to collect the surcharge, petitioned for writ of review to challenge the PUC’s two decisions creating EPIC. In sum, the…


This case in a nutshell

This case is all about what powers conferred upon California public agencies and officers can be delegated. The ruling restates the rule that, when those powers “involve the exercise of judgement or discretion” they are “in the nature of public trust and cannot be surrendered or delegated to subordinates in the absence of statutory authorization.” On the other hand, “public agencies may delegate the performance of ministerial tasks, including the investigation and determination of facts preliminary to agency action.”


The Colorado Privacy Act (aka “ Protect Personal Data Privacy Act) (CPA) was enacted in 2021 through SB21–190 to protect the fundamental right to privacy of Colorado residents and to “require companies to be responsible custodians of data as they continue to innovate.” (See Legislative Declaration for SB21–190.)

The CPA:

  • Provides Colorado residents with the right to access, correct, and delete personal data and the right to opt-out not only of the sale of personal data but also fo the collection and use of personal data in certain scenarios;
  • Imposes an affirmative obligation upon companies to safeguard personal data; to…

European Digital Rights (EDRi) is the biggest European advocacy group defending rights and freedoms online in Europe.

EDRi is an NGO headquartered in Brussels, Belgium.

EDRi’s mission is “to challenge private and state actors who abuse their power to control or manipulate the public. We do so by advocating for robust and enforced laws, informing and mobilising people, promoting a healthy and accountable technology market, and building a movement of organisations and individuals committed to digital rights and freedoms in a connected world.”

Through it NGOs, experts, and advocates collaborate and contribute to advocacy work.

EDRi runs campaigns to increase…


Lawyer’s advice on how to get into “data for good” and keep it “good”

I used to picture data scientists as aloof nerdy types that do not like to get in the brawl when it comes to policy. “Tell me what you want to know and I will ask the data” kind of people.

That is actually not true (or at least not true for all.)

For a few years now, data scientists have been collaborating with organizations, policymakers, and researchers to actually harness the power of data in the service of humanity. And they get together. …

Golden Data Law

Golden Data Law is a mission driven benefit corporation that provides legal services to the not-for-profit community and to governmental agencies.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store