On Friday, July 21, 2023, the White House announced that seven US technology companies at the forefront of generative artificial intelligence (AI) agreed to eight voluntary commitments to “promote the safe, secure, and...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
7/21/2023 / Compliance, Corrective Action Plans (CAPs), Covered Entities, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach Notification Rule, OCR, PHI, Policies and Procedures, Popular, Risk Assessment, Risk Management, Settlement
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union...more
7/19/2023 / Certification Requirements, Compliance, Compliance Monitoring, Department of Transportation (DOT), EU, European Commission, Federal Trade Commission (FTC), Framework Agreement, International Data Transfers, Privacy Framework, UK
On June 27, the Federal Trade Commission (FTC) announced an enforcement action against Publishers Clearing House (PCH) in connection with the company’s long-running sweepstakes promotions. Though the FTC’s complaint alleges a...more
7/18/2023 / Advertising, CAN-SPAM Act, Consumer Privacy Rights, Contests & Promotions, Data Collection, Data-Sharing, Enforcement Actions, Federal Trade Commission (FTC), Misrepresentation, Personal Data, Privacy Policy, Sweepstakes, Targeted Digital Advertising
On June 30, 2023, the Washington Attorney General (AG) published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act (MHMDA). As we discussed previously, the MHMDA will impose new requirements...more
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023 / Adequacy Requirement, Court of Justice of the European Union (CJEU), Department of Justice (DOJ), EU, EU-US Privacy Shield, European Commission, Executive Orders, Federal Trade Commission (FTC), General Data Protection Regulation (GDPR), Iceland, International Data Transfers, Liechtenstein, Member State, Norway, Personal Data, U.S. Commerce Department
On June 30, the Sacramento County Superior Court issued a ruling that will delay enforcement of regulations issued pursuant to the California Privacy Rights Act (CPRA) to March 29, 2024. These regulations were originally...more
7/11/2023 / Audits, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Chamber of Commerce, Compliance Dates, Covered Entities, Enforcement, Grace Period, Risk Assessment, State Privacy Laws, Statutory Requirements, Time Extensions
On June 30, the Delaware legislature passed the Personal Data Privacy Act (“the Act”). The Act now moves to the Delaware Governor’s desk for consideration and, if signed into law, will make Delaware the seventh state this...more
7/11/2023 / Advertising, Advertising to Minors, Consumer Privacy Rights, Corporate Counsel, Data Collection, Data Controller, Data Privacy, Data Processors, Minors, Notice Requirements, Opt-Outs, Pending Legislation, Personal Data, Sensitive Personal Information, State Privacy Laws, Unfair or Deceptive Trade Practices
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023 / Consent Order, Data Protection, Data Security, DNA, Enforcement Actions, Federal Trade Commission (FTC), FTC Act, Genetic Materials, Genetic Testing, Privacy Policy, Section 5, Sensitive Personal Information, Unfair or Deceptive Trade Practices
On June 21, 2023, Senate Majority Leader Chuck Schumer joined the Center for Strategic and International Studies (CSIS) to launch his SAFE Innovation Framework, a comprehensive approach to address challenges associated with...more
As of June 25, 2023, the Oregon House and Senate have signed Senate Bill 619 (the “Act”), which previously passed in the House 54-0. The Act now moves to the Oregon Governor’s desk for signature (and is set to become law as...more
6/27/2023 / Consumer Privacy Rights, Data Controller, Data Privacy, Data Processors, Enforcement, Exemptions, GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), Opt-Outs, Pending Legislation, Sensitive Personal Information, State Privacy Laws
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox Live product. ...more
6/21/2023 / Amazon, Compliance, COPPA, Data Collection, Data Retention, Enforcement Actions, Federal Trade Commission (FTC), Microsoft, Minors, Parental Consent, Personal Information, Popular, Xbox
On June 14, 2023, the European Parliament adopted its negotiating position regarding the proposal of the European Commission for a regulation laying down harmonized rules on artificial intelligence. This is the most recent...more
6/16/2023 / Artificial Intelligence, Contract Negotiations, Distributors, EU, European Commission, European Parliament, Importers, International Harmonization, Machine Learning, Proposed Legislation, Risk Assessment, Risk-Based Approaches
On June 5, the Nevada state legislature passed an amended version of Senate Bill 370 (“SB 370”), a bill imposing new requirements on the collection, use, and sale of consumer health data. The bill has been delivered to...more
As we move into the summer months, state comprehensive privacy law developments continue to steadily emerge. Most notably, in the weeks since our last update, the Texas legislature passed the Texas Data Privacy and Security...more
On June 2, the Connecticut state legislature passed an amended version of Senate Bill 3 (“SB 3”), a bill containing provisions imposing new requirements related to consumer health data and children’s online protection. The...more
On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023 / ALEXA, Amazon, Artificial Intelligence, Biometric Information, Consumer Privacy Rights, COPPA, Corporate Counsel, Cybersecurity, Data Deletion, Data Privacy, Deceptive Intent, Enforcement Priorities, Federal Trade Commission (FTC), Personal Data, Popular, Settlement, Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023 / Corporate Counsel, Data Privacy, Data Security, Data-Sharing, Electronic Protected Health Information (ePHI), Enforcement Actions, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach Notification Rule, Mobile Apps, Mobile Health Apps, PHI, Policy Statement, Risk Mitigation
The weeks since our last update have seen continued developments in the state comprehensive privacy law arena. Bills passed by the Indiana, Tennessee, and Montana legislatures were officially signed into law by those states’...more
On May 18, the Federal Trade Commission (FTC) issued a policy statement warning about the increased use of consumers’ biometric information and related marketing of technologies that use biometric information. The agency...more
5/23/2023 / Biometric Information, Biometric Information Privacy Act, California Consumer Privacy Act (CCPA), Data Collection, Data Privacy, Data Protection, Facial Recognition Technology, Federal Trade Commission (FTC), FTC Act, Policy Statement, Protected Class, Section 5, State Privacy Laws, Unfair or Deceptive Trade Practices
On May 4, the Florida House passed an amended version of SB 262, a bill establishing the Florida Digital Bill of Rights. The bill now moves to Governor Ron DeSantis’s desk for signature. ...more
On April 26, 2023, a bipartisan coalition of federal lawmakers proposed a new piece of legislation that would impose additional guardrails around the use of social media by children under eighteen. The Protecting Kids on...more
On May 1, the Federal Trade Commission (FTC) released a blog post cautioning companies about the use of generative AI tools to change consumer behavior. Generative AI is a subset of AI that can generate new text, images, and...more