BCLP actively tracks the proposed, failed and enacted AI regulatory bills from across the United States to help our clients stay informed in this rapidly-changing regulatory landscape. The interactive map is current as of...more
After nearly seven months of lawmaking, California legislators ended this session without the passage of a bill regulating the development or deployment of artificial intelligence (AI) systems....more
9/15/2023
/ Artificial Intelligence ,
Congressional Investigations & Hearings ,
Executive Orders ,
Governor Newsom ,
Innovation ,
Legislative Agendas ,
Public Procurement Policies ,
Public Sector ,
Risk Assessment ,
State Legislatures ,
State Procurement Contracts ,
Technology Sector
On June 16, 2023, Nevada Governor Joe Lombardo signed SB 370 into law. This new law is a consumer health data bill that is similar in many ways to Washington’s My Health My Data Act (MHMDA). SB 370, like most provisions of...more
In recent months, organizations have been dealing with an emerging wave of lawsuits from an unexpected source: the VPPA. The Video Privacy Protection Act (“VPPA”), originally intended to prevent “wrongful disclosures” of...more
7/26/2023
/ Class Action ,
Cookies ,
Data-Sharing ,
Defense Strategies ,
Online Videos ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Service Provider ,
Video Recordings ,
VPPA ,
Web Tracking ,
Websites
The Colorado Privacy Act (“CPA”), Colorado’s first comprehensive consumer privacy law, came into effect on July 1, 2023. Like many new privacy laws, though, there has been uncertainty surrounding when meaningful enforcement...more
As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
7/3/2023
/ Amended Legislation ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Selling ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws
In 2023, state legislatures across the U.S. responded to the growing impact of artificial intelligence (AI) by introducing a substantial number of bills aimed at regulating its development and use by private industry. To...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
On March 15, 2023, the Colorado Attorney General’s Office announced the finalization of the Regulations implementing the Colorado Privacy Act (CPA), which will take effect on July 1, 2023. Covered businesses that make use of...more
The Federal Trade Commission (“FTC”) has issued a policy statement addressing biometric technologies in a signal of enforcement actions to come: It states: “In light of the evolving technologies and risks to consumers, the...more
5/26/2023
/ Biometric Information ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Policies and Procedures ,
Policy Statement ,
Risk Assessment ,
Unfair or Deceptive Trade Practices
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
On January 1, 2023, the California Privacy Rights Act of 2020, which amended the existing California Consumer Privacy Act (collectively, the “CPRA”) and Virginia’s Consumer Data Protection Act (“VCDPA”) went into effect....more
After much anticipation by organisations both in and out of the PRC, the new standard contractual clauses have been issued by the Chinese regulatory authorities as a means to permission the cross-border transfer of personal...more
“Precise Geolocation” has become a hot button issue in the privacy world with recent data privacy laws seeking to regulate the collection and processing of such information, including in California and Virginia. The...more
3/30/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Information ,
Data Collection ,
Federal Trade Commission (FTC) ,
Geolocation ,
Guidance Update ,
Location Data ,
Location Privacy ,
Mobile Apps ,
Mobile Devices ,
Privacy Concerns ,
Third-Party Service Provider
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
2023 will be yet another dynamic year for data privacy regulation. In addition to the data privacy laws in Virginia, Colorado, Utah, and Connecticut going into force this year, businesses also have to contend with the fact...more
Businesses have become increasingly reliant on artificial intelligence (AI) to assist with hiring, promotion, and other employment-related tasks. These tools are facing increased scrutiny from regulators, especially in New...more
1/9/2023
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Corporate Counsel ,
Equal Employment Opportunity Commission (EEOC) ,
Fair Credit Reporting Act (FCRA) ,
Hiring & Firing ,
Job Applicants ,
Local Ordinance ,
Software
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...more
Under the PRC Cybersecurity Law, PRC Personal Information Protection Law and PRC Data Security Law, certain organisations (as well as individuals) are now required to conduct a security assessment of outbound transfers of...more
On October 7, President Joe Biden signed an Executive Order (EO) on Enhancing Safeguards for United States Signals Intelligence Activities, which is intended to move forward next steps in the EU US Privacy Shield Framework...more
10/24/2022
/ Biden Administration ,
Compliance ,
Compliance Dates ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Intelligence Agencies ,
National Security ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance
The American Data Privacy and Protection Act (“ADPPA”) has been working its way through Congress with notable bipartisan support. After a July 20th markup session in the House Committee on Energy & Commerce amending the bill,...more
The California Privacy Protection Agency (CPPA) Board met on September 23, 2022, to discuss ongoing efforts to prepare for the California Privacy Rights Act (CPRA), which becomes operative on January 1, 2023 (an agenda of the...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
9/19/2022
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Data Selling ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Search Engines ,
State Privacy Laws ,
Targeted Digital Advertising
Do Companies have a cure period for alleged violations under the California Privacy Rights Act (“CPRA”)?
No, the CPRA eliminates the thirty (30) day cure period originally permitted under the California Consumer Privacy...more
Unless the California legislature acts soon, the scope of information subject to the California Privacy Rights Act (“CPRA”) will include all employee or human resource-related personal information on January 1, 2023. To date,...more
6/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Privacy ,
Data Subjects Rights ,
Employee Privacy Rights ,
Employer Liability Issues ,
Employer Responsibilities ,
Exemptions ,
Human Resources Professionals ,
Personal Data ,
Personnel Records ,
Risk Management