Recent Rulings Could Signal Expansion of California Consumer Privacy Right of Action -
Judges in two separate cases in the U.S. Northern District of California (“N.D. Cal.”) recently ruled that class actions brought by...more
5/2/2025
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Compliance ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
New Legislation ,
Privacy Laws ,
State Privacy Laws ,
UK
English High Court Rules that "Relatively High" Consent to Cookies and Profiling is Required Where Individual is Vulnerable -
In a dispute between an individual claimant who was a recovering gambling addict and two...more
2/28/2025
/ Artificial Intelligence ,
Compliance ,
Consent ,
Cookies ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
EU ,
Gambling ,
OECD ,
Personal Data ,
Privacy Laws ,
UK
Illinois Courts Split over Whether Biometric Privacy Law Amendment Applies Retroactively -
Two federal judges in the Northern District of Illinois have taken conflicting views on the issue of whether the Illinois...more
12/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Privacy Protection Agency (CPPA) ,
Code of Conduct ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Federal Trade Commission (FTC) ,
FTC Act ,
IL Supreme Court ,
Opt-Outs ,
Penalties ,
Privacy Laws ,
Proposed Amendments ,
Retroactive Application ,
Settlement ,
UK GDPR
Happy 3rd Anniversary to Dechert's Cyber Bits! As we celebrate our 3rd year anniversary, we want to thank you for your support in making our publication a huge success. Thank you to the entire Cyber Bits team, who work...more
10/25/2024
/ Advertising ,
Consent Decrees ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Security ,
et al v. FCC ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Settlement ,
UK ,
UK Data Protection Act
X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
Incident Response Plans and Written Information Security Programs Continue to be Essential and Will Need to Be Reviewed. Most sophisticated organizations currently have in place incident response plans. Those organizations...more
7/2/2024
/ Covered Entities ,
Data Breach ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Notification Requirements ,
Personal Information ,
Policies and Procedures ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” -
On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
3/15/2024
/ Biden Administration ,
California ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Selling ,
Employee Monitoring ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
High-Risk Countries ,
NIST ,
Opt-Outs ,
Personal Data ,
Sensitive Personal Information ,
UK
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
FTC Settles with Rite Aid on its Use of AI and Processing of Biometric Information -
The Federal Trade Commission (“FTC”), on December 19, 2023, announced that it had reached a settlement with Rite Aid Corporation (“Rite...more
1/19/2024
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Brokers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Inventors ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-In ,
Patents ,
Rite Aid ,
Sensitive Personal Information ,
Settlement ,
UK
President Biden’s recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence:
Establishes a federal government-wide effort to mitigate risks of improper AI development and use....more
12/21/2023
/ Artificial Intelligence ,
Biden Administration ,
Consumer Protection Laws ,
Cybersecurity ,
Data Privacy ,
Executive Orders ,
Financial Institutions ,
Financial Services Industry ,
Machine Learning ,
National Security ,
New Guidance ,
NIST ,
Personal Data ,
Reporting Requirements ,
Risk Mitigation ,
Securities and Exchange Commission (SEC)
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
UK-U.S. Data Bridge Approved -
The UK has approved an extension to the EU-U.S. Data Privacy Framework (DPF) called the ‘UK-U.S. Data Bridge,’ which facilitates data flows from the UK to the U.S. From October 12, 2023...more
10/6/2023
/ Amazon ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Cross Border Privacy Rules (CBPR) ,
Delaware ,
EDPS ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Regulatory Oversight ,
State Data Privacy Laws ,
UK ,
UK GDPR ,
Unfair or Deceptive Trade Practices
Cybersecurity Alert: Silicon Valley Bank and Signature Bank Fallout -
Undoubtedly, cyber criminals are out in full force with phishing links and other scams trying to capitalize on the disruption and panic that many...more
3/17/2023
/ Artificial Intelligence ,
Banking Sector ,
Critical Infrastructure Sectors ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Phishing Scams ,
Privacy Legislation ,
Security Risk Assessments ,
Software Developers
The California legislature recently adjourned its 2022 session without extending several exemptions from the California Consumer Privacy Act of 2018 (CCPA). As a result, due to the California Privacy Rights Act (CPRA)...more
11/21/2022
/ Asset Management ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Carve Out Provisions ,
Data Collection ,
Data Privacy ,
Enforcement ,
Expiration Date ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
U.S. Government Releases Guide of ‘Minimum Baseline’ Cybersecurity Practices for Protecting Critical Infrastructure -
The Cybersecurity & Infrastructure Security Agency (“CISA”) has released a guide to help organizations...more
11/11/2022
/ Advisory Board ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
International Data Transfers ,
Internet of Things ,
Joint Control ,
New Guidance ,
Popular ,
Transatlantic Trade and Investment Partnership ,
TTP
US Federal Appellate Court Issues Opinion on Proof of Injury in Data Breach Cases -
On September 2, 2022, the U.S. Court of Appeals for the Third Circuit reinstated a class action lawsuit that had previously been dismissed...more
9/30/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Advisory Opinions ,
Appellate Courts ,
Automation Systems ,
Breach of Confidence ,
Breach of Contract ,
Breach of Duty ,
Breach of Implied Contract ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Dark Web ,
Data Breach ,
Data Collection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Fiduciary Duty ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Identity Theft ,
Negligence ,
Popular ,
Putative Class Actions ,
Request For Information ,
Risk Assessment ,
Surveillance ,
UK
On August 24, 2022, California Attorney General (“CA AG”) Rob Bonta announced a settlement with Sephora USA, Inc. that includes a $1.2 million fine—the first monetary penalty imposed under the CCPA. The settlement also...more
8/31/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Selling ,
Enforcement Actions ,
Failure to Cure ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
Reporting Requirements ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Third-Party Service Provider
CJEU: Special Category Data Just Got More Complicated -
On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
8/19/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Do Not Call List ,
EU ,
FCC ,
General Data Protection Regulation (GDPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Scams ,
UK ICO
Less than two months after the California Privacy Protection Agency (“CPPA” or “Agency”) formally took over rulemaking for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act...more
6/8/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Policy Drafting ,
Popular ,
Regulatory Agenda
On March 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation