On July 21, the White House announced that seven leading AI companies (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI) have agreed to make voluntary commitments around three key areas of their AI systems:...more
Swiftly on the heels of the U.S. announcing it fulfilled its commitments for implementing the EU-U.S. Data Privacy Framework (the Framework), the European Commission (the EC) formally recognized that commercial organizations...more
7/14/2023
/ Court of Justice of the European Union (CJEU) ,
Data Security ,
Department of Justice (DOJ) ,
Department of Transportation (DOT) ,
Enforcement ,
EU Data Protection Laws ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Liability ,
Notice Requirements ,
ODNI ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On December 21, 2023, the Colorado Attorney General released a second draft of the Colorado Privacy Act Rules, revising the previous draft of the proposed rules. Our analysis of the first draft of the rules can be found here....more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial intelligence/machine...more
TThe Federal Trade Commission (FTC) recently published a blog post asserting that Section 5 of the FTC Act may require companies to notify individuals of breaches of their personal data, even where there is no specific breach...more
The California Privacy Protection Agency Board (the "CPPA Board") announced on May 27, 2022, that it would hold a public meeting on June 8 to discuss, among other things, a set of detailed proposed regulations to "Implement,...more
6/6/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
State Privacy Laws
On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...more