Ohio House Bill 345, also known as The Ohio Personal Privacy Act, was introduced at the end of 2023 and is currently being considered in committee. The bill establishes requirements related to the collection, processing, and...more
The U.S. Patent and Trademark Office (USPTO) has issued new guidance on patent subject matter eligibility, specifically concerning AI inventions. This guidance aims to assist patent examiners in assessing whether claims in a...more
Keypoint: Assuming the bills become law and go into effect, operators of websites and online services that collect the personal data of minors and are subject to the bills will need to undertake several compliance activities....more
Challenges may arise when conducting an internal investigation related to an underlying disclosure by a whistleblower pursuant to the EU Directive, because companies must strictly comply with the GDPR. Failure to comply with...more
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
On August 9, 2023, India passed a data protection law that will govern how entities who process users’ personal data. The Digital Personal Data Protection Act (“the Act”) will establish guardrails for how organizations should...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
Alla luce del recente provvedimento dell’Autorità Garante per la Protezione dei Dati Personali Francese, la Commission nationale de l'informatique et des libertés (“Garante” o “CNIL”), riportiamo di seguito un’analisi del...more
After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the...more
2023 continues to be a busy year for European data protection authorities. Following its release of the Irish Data Protection Commission’s (DPC’s) binding decisions in cases against Facebook and Instagram, the European Data...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...more
On July 28, 2022, the California Privacy Protection Agency (the “Agency”) held a special meeting (the “Meeting”) to discuss and act on the proposed federal privacy legislation, the American Data Protection and Privacy Act...more
The California Privacy Protection Agency (CPPA) recently released the draft proposed CCPA Regulations and draft initial statement of reasons. Importantly, these are draft regulations that are likely to be subject to extensive...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
On June 3, 2022, Senator Wicker (R-Miss.), Ranking Member of the Senate Commerce Committee, and Representatives Pallone (D-N.J.) and Rodgers (R-Wash.), Chairman and Ranking Member of the House Energy and Commerce Committee,...more
Keypoint: The chances for the United States to finally enact a federal privacy bill appear to have increased with the circulation of a bipartisan discussion draft although its chances for passage are far from clear....more
Connecticut Passes the Fifth US State Consumer Privacy Law - The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state...more
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer. But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
Over the span of five months in 2021, our team published a series of articles on how to implement the five core functions of the National Institute of Standards and Technology (NIST) Privacy Framework. We wrote an initial...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to...more
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more