The Federal Trade Commission recently settled complaints against two data brokers over their handling of consumers’ sensitive location information. The agency alleged that such practices constitute unfair practices. Under the...more
Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15)....more
In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while...more
12/17/2024
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
NIST ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector
In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year....more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments,...more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
12/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Legislative Agendas ,
Machine Learning ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Risk Assessment ,
State and Local Government ,
State Privacy Laws ,
Technology
The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which...more
12/9/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Cybersecurity ,
Data Brokers ,
Deadlines ,
Enforcement Actions ,
Insurance Industry ,
Legislative Agendas ,
Machine Learning ,
Privacy Laws ,
Proposed Rules ,
Regulatory Agenda ,
State Privacy Laws
The FTC updated its Negative Option Rule last month and gave it a new name to emphasize the expanded scope of programs to which it applies. It will now be the “Rule Concerning Recurring Subscriptions and Other Negative Option...more
The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more
The United Kingdom and the United States released a joint statement last month outlining plans focused on children’s online privacy. As indicated in the statement, they intend to engage national institutions and other...more
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down....more
11/7/2024
/ COPPA ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
First Amendment ,
Florida ,
Legislative Agendas ,
Online Safety for Children ,
Parental Consent ,
Privacy Laws ,
Regulatory Agenda ,
Social Media ,
State Legislatures ,
State Privacy Laws
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that...more
11/1/2024
/ Accessibility Rules ,
Data Collection ,
Data Privacy ,
Data Protection ,
e-Privacy Directive ,
Electronically Stored Information ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
New Guidance ,
Privacy Laws ,
Technology ,
Tracking Systems
The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few...more
10/30/2024
/ Artificial Intelligence ,
California ,
Data Security ,
Disclosure ,
Entertainment Industry ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Robocalling ,
State and Local Government ,
State Privacy Laws ,
Transparency
The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last...more
10/29/2024
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Incident Response Plans ,
New York ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws
The FTC’s staff report summarizes how it views the operations of social media and video streaming companies. Of particular interest is the insight it gives into potential enforcement focus in the coming months, and into 2025....more
California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural...more
Those tracking CIPA litigation are familiar with the recent decision holding in favor of a company whose site had an online chat operated by a vendor. The court in that case held (1) that the company had not violated the...more
California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites....more
Malaysia is in the process of updating its Personal Data Protection Act to align more closely with laws in other jurisdictions. The law was originally passed in 2010 and then modified this year. As part of the modification...more
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join...more
9/24/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Wondering what the requirements are for transferring personal information out of Brazil? Under the country’s Data Protection Law, extra-territorial transfers of personal information are regulated in much the same way as in EU...more
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on...more
Verkada, a manufacturer and retailer of security cameras, has settled FTC accusations of lax security measures. The company sells its products to businesses, including schools and medical facilities. It markets its products...more