In a putative class action filed on June 28, 2023, in the Northern District of California, and in other similar cases, plaintiffs allege that OpenAI, Microsoft, and their respective affiliates violated the privacy rights of...more
7/18/2023
/ Artificial Intelligence ,
Business Model ,
Computer Fraud and Abuse Act (CFAA) ,
Copyright Infringement ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Getty Images ,
Intellectual Property Protection ,
Machine Learning ,
Open Source Software ,
Privacy Laws ,
Putative Class Actions ,
Software ,
User-Generated Content ,
Web Scraping
Colorado Department of Law Issues Draft CPA Revisions -
On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
1/13/2023
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
COPPA ,
Data Security ,
Employee Definition ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
New Guidance ,
Penalties ,
Personal Data ,
Popular ,
Privacy Laws ,
Rulemaking Process ,
Standard Contractual Clauses ,
UK
FTC Is Tracking Twitter Developments With “Deep Concern” -
Elon Musk’s recent purchase of Twitter has led to numerous resignations in the security department. Most recently, Twitter’s chief information security officer,...more
11/15/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Retention ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Personal Information ,
Risk Assessment ,
Twitter
California Privacy Protection Agency Releases Revised Regulations -
With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more
10/24/2022
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
Internet of Things ,
Joe Biden ,
National Security ,
NIST ,
Online Safety for Children ,
PIPEDA ,
Popular ,
Privacy Framework ,
Privacy Laws ,
Ransomware ,
Schrems I & Schrems II ,
Sensitive Personal Information
Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act -
With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more
4/8/2022
/ Artificial Intelligence ,
Chile ,
China ,
CNIL ,
Colorado ,
Cyber Incident Reporting ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Risk Management ,
Rulemaking Process ,
Social Media ,
State Privacy Laws
The European Union (EU) and the United States (US) government have now reached an agreement in principle for a “Privacy Shield 2.0” to replace the original Privacy Shield Framework that was invalidated under the Schrems II...more
US News -
Utah Will Soon Publish US’s Latest Comprehensive State Privacy Law -
The Utah Consumer Privacy Act, also known as Senate Bill 227, recently cleared the Senate and the House. Though there are a few more steps...more
3/11/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Dismissals ,
Enforcement ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
India ,
New Legislation ,
Oman ,
Popular ,
Privacy Laws ,
Proposed Regulation ,
Settlement ,
State and Local Government ,
State Privacy Laws ,
Wiretapping ,
Workers Compensation Act
United Kingdom New Standard Contractual Clauses Submitted to Parliament -
The United Kingdom has finalized its new International Data Transfer Agreement and Addendum to the new EU standard contractual clauses. Subject to...more
2/17/2022
/ Brazil ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
COPPA ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
NIST ,
Personal Data ,
Popular ,
Right of Access ,
Standard Contractual Clauses ,
UK
The EDPB releases guidelines to clarify a simple but surprisingly confusing question, "What is a data transfer under the GDPR?" In light of the new guidelines, businesses should review potential transfer activities and ensure...more
In Blackbaud Inc. Customer Data Security Breach Litigation, No. 3:20-mn-02972 (D.S.C. Aug. 12, 2021), a federal judge found that defendant, Blackbaud Inc. was subject to the CCPA despite its motion to dismiss asserting that...more
9/22/2021
/ California ,
California Consumer Privacy Act (CCPA) ,
China ,
Class Action ,
COPPA ,
Cyber Attacks ,
Data Breach ,
Data Collection ,
Enforcement Actions ,
EU ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Information Protection Law (PIPL) ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Standard Contractual Clauses ,
UK
The legislation updates the Children’s Online Privacy Protection Act (COPPA) by prohibiting internet companies from collecting personal information from anyone 13- to 15-years old without the user’s consent
Senators...more
6/9/2021
/ Biometric Information ,
Broker-Dealer ,
Cookie Banners ,
COPPA ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Protection ,
EU ,
European Commission ,
Executive Orders ,
Facial Recognition Technology ,
FBI ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Latin America ,
NGOs ,
Online Safety for Children ,
Personal Information ,
Popular ,
Proposed Legislation ,
Schrems I & Schrems II ,
Securities and Exchange Commission (SEC) ,
Standard Contractual Clauses ,
Suspicious Activity Reports (SARs)
The Federal Trade Commission (FTC) continues to put emphasis on the importance of corporate board involvement in privacy and data security.
Corporate Boards: Don’t Underestimate Your Role in Data Security Oversight -
The...more
5/20/2021
/ Apple ,
Article III ,
Artificial Intelligence ,
Board of Directors ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
Google ,
Identity Theft ,
Latin America ,
Mobile Apps ,
New Rules ,
ONC ,
Personal Data ,
Popular ,
SCOTUS ,
Standing
California Can Enforce Net Neutrality Law After Court Victory -
California’s net neutrality law bars internet service providers from prioritizing, blocking, slowing down, or speeding up internet content. California’s law...more
4/13/2021
/ Adtech ,
California ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Data Brokers ,
Data Collection ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Injunctions ,
Internet Service Providers (ISPs) ,
Net Neutrality ,
Opt-Outs ,
Personal Data Protection Act 2012 (PDPA) ,
Proposed Legislation ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
UK
According to the Council of the European Union, there are plans to move forward with replacing the Cookie Directive with the ePrivacy Regulation.
Background on the ePrivacy Directive -
While the General Data...more
FBI Issues Updated Ransomware Guidance -
A recent report from New Zealand-based cybersecurity firm Emsisoft has revealed the extent to which ransomware is being used in cyberattacks in the United States. The first 9 months...more
11/21/2019
/ Advertising to Minors ,
Bilateral Agreements ,
California Consumer Privacy Act (CCPA) ,
China ,
CLOUD Act ,
Comment Period ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Protection Authority ,
EU ,
False Advertising ,
FBI ,
Federal Trade Commission (FTC) ,
Germany ,
Guidance Update ,
Influencers ,
Personal Information ,
Popular ,
Privacy Laws ,
Proposed Regulation ,
Ransomware ,
Social Media ,
Social Networks ,
State Attorneys General ,
State Data Privacy Laws ,
UK ,
Unfair or Deceptive Trade Practices
Inside the Privacy Shield Annual Review -
Dozens of senior US and EU government officials were joined by officials from data protection authorities in Austria, Bulgaria, France, Germany and Hungary to discuss whether the...more
10/9/2019
/ Audio Recording ,
California Consumer Privacy Act (CCPA) ,
Credit Cards ,
Data Breach ,
Data Collection ,
Data Protection Authority ,
Email ,
Enforcement Actions ,
Equifax ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Information ,
Popular ,
Schrems I & Schrems II ,
Settlement ,
Software ,
Spam ,
Technology Sector ,
UK ,
UK Employment Appeal Tribunal ,
Unfair Dismissal
Equifax to Pay up to $700 Million as Part of Settlement for 2017 Data Breach -
Equifax has agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the CFPB, and...more
8/13/2019
/ Amended Regulation ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Capital One ,
Comment Period ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
COPPA ,
Data Breach ,
Equifax ,
EU ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Public Hearing ,
Security and Privacy Controls ,
Settlement ,
Websites
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
7/22/2019
/ CNIL ,
Cookies ,
Data Protection Authority ,
e-Privacy Directive ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
Implied Consent ,
Prior Express Consent ,
Privacy Laws ,
UK ,
UK ICO ,
Website Owner Liability ,
Websites
Federal US News -
FTC Takes Action Against Companies Falsely Claiming Compliance With International Privacy Agreements -
The FTC reached a settlement with a background screening company over allegations it falsely claimed...more
7/16/2019
/ Accreditation ,
Advertising ,
Annual Reports ,
Asia Pacific ,
Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
Code of Conduct ,
Consumer Information ,
Consumer Privacy Rights ,
Cookies ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
False Statements ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Legal Representatives ,
New Rules ,
NIST ,
Popular ,
Prior Express Consent ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation ,
Right of Access ,
Right to Be Forgotten ,
Right to Control ,
Settlement ,
State Legislatures ,
Targeted Digital Advertising ,
Third-Party Service Provider ,
UK ,
UK ICO