EU’s Highest Court Rules on Automated Decision-Making -
The Court of Justice of the EU (“CJEU”) recently issued a significant ruling regarding the scope of data subjects’ right of access under the GDPR in relation to...more
4/11/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information Privacy Act ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Transparency ,
UK ,
Wiretapping
UK Government Publishes Research Report on Proposed Cyber Governance Code of Practice -
The UK Department for Science, Innovation and Technology (“DSIT”) published a research report detailing results from a pilot of the...more
3/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Constitutional Challenges ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
State Privacy Laws ,
UK ,
UK GDPR
Warby Parker Fined $1.5 Million Following HHS Investigation of Credential Stuffing Security Breach -
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a...more
3/14/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Personal Data ,
Popular ,
Reporting Requirements ,
UK
English High Court Rules that "Relatively High" Consent to Cookies and Profiling is Required Where Individual is Vulnerable -
In a dispute between an individual claimant who was a recovering gambling addict and two...more
2/28/2025
/ Artificial Intelligence ,
Compliance ,
Consent ,
Cookies ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
EU ,
Gambling ,
OECD ,
Personal Data ,
Privacy Laws ,
UK
UK Data Regulator Expands Cookie Compliance Review Across the UK’s Top 1,000 Websites -
The UK Information Commissioner's Office (“ICO”) has announced an expanded review of advertising cookie practices to encompass the...more
2/17/2025
/ California Privacy Protection Agency (CPPA) ,
Compliance ,
Consent ,
Cookies ,
COPPA ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
Privacy Laws ,
Settlement ,
UK GDPR ,
Web Tracking
UK Data Regulator Responds to Google’s Policy Shift on Fingerprinting -
Google announced that starting February 16, 2025, its platform program policies will change to remove the prohibition in its current policies against...more
1/31/2025
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
EU ,
Federal Trade Commission (FTC) ,
Fingerprints ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy Concerns ,
Privacy Laws ,
Transparency ,
UK
DOJ Final Rule: New US Restrictions on Nearly All Foreign Access to Personal Data -
The National Security Division of the United States Department of Justice has issued a sweeping final rule that would prevent access to...more
1/17/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EU ,
European Data Protection Board (EDPB) ,
Final Rules ,
Foreign Governments ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
National Security ,
OCR ,
Personal Data ,
Sensitive Personal Information ,
UK
When faced with a third country authority request to disclose information including personal data, organisations subject to the GDPR have been attempting the difficult feat of simultaneously complying with the request and the...more
Illinois Courts Split over Whether Biometric Privacy Law Amendment Applies Retroactively -
Two federal judges in the Northern District of Illinois have taken conflicting views on the issue of whether the Illinois...more
12/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Privacy Protection Agency (CPPA) ,
Code of Conduct ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Federal Trade Commission (FTC) ,
FTC Act ,
IL Supreme Court ,
Opt-Outs ,
Penalties ,
Privacy Laws ,
Proposed Amendments ,
Retroactive Application ,
Settlement ,
UK GDPR
FTC Settles Allegations of Over Inflated Reviews with AI-Enabled Review Platform Sitejabber -
On November 6, 2024, the Federal Trade Commission (“FTC”) announced a proposed settlement with GGL Projects, Inc., doing...more
11/22/2024
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Bureau (CFPB) ,
Department of Labor (DOL) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Information Commissioner's Office (ICO) ,
Investigations ,
Opt-Outs ,
Surveillance ,
UK ,
Web Scraping
Four Companies Settle SEC Allegations for “Misleading Cyber Disclosures” Regarding SolarWinds -
On October 22, 2024, the Securities and Exchange Commission (“SEC”) announced settlements with four companies for alleged...more
11/8/2024
/ Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Covered Entities ,
Cybersecurity ,
Disclosure Requirements ,
European Commission ,
Final Rules ,
Notice of Proposed Rulemaking (NOPR) ,
NYDFS ,
Public Disclosure ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
Settlement ,
Social Engineering ,
Social Networks ,
SolarWinds ,
UK
Happy 3rd Anniversary to Dechert's Cyber Bits! As we celebrate our 3rd year anniversary, we want to thank you for your support in making our publication a huge success. Thank you to the entire Cyber Bits team, who work...more
10/25/2024
/ Advertising ,
Consent Decrees ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Security ,
et al v. FCC ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Settlement ,
UK ,
UK Data Protection Act
FTC and DOJ Reach US$2.95 Million Settlement with Verkada for Alleged Violations of the FTC Act and CAN-SPAM Act -
On August 30, 2024, the Federal Trade Commission (“FTC”) announced a proposed order with Verkada Inc....more
9/27/2024
/ Amicus Briefs ,
Arbitration Agreements ,
Artificial Intelligence ,
CAN-SPAM Act ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Ethics ,
EU ,
European Commission ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Human Rights ,
Online Reviews ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Standard Contractual Clauses ,
UK ,
Web Tracking
New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data -
On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
8/19/2024
/ Biometric Information Privacy Act ,
Data Protection ,
Enforcement ,
European Commission ,
European Parliament ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Illinois ,
Information Commissioner's Office (ICO) ,
Informed Consent ,
Minor Children ,
Personal Information ,
Settlement ,
Social Media ,
State Data Privacy Laws ,
Tracking Systems ,
UK
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
European Data Protection Board Publishes Strategy for 2024-27 -
The European Data Protection Board (“EDPB” - the EU body tasked with promoting consistency and cooperation in enforcement of the GDPR) has outlined its...more
5/6/2024
/ Artificial Intelligence ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Enforcement ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Machine Learning ,
Penalties ,
Personal Data ,
Reproductive Healthcare Issues ,
Transparency ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” -
On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
3/15/2024
/ Biden Administration ,
California ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Selling ,
Employee Monitoring ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
High-Risk Countries ,
NIST ,
Opt-Outs ,
Personal Data ,
Sensitive Personal Information ,
UK
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
FTC Announces Proposed Settlement with Data Aggregator over its Alleged Selling of Precise Location Data -
The Federal Trade Commission (“FTC”), on January 18, 2024, announced a proposed settlement with InMarket Media...more
FTC Settles with Rite Aid on its Use of AI and Processing of Biometric Information -
The Federal Trade Commission (“FTC”), on December 19, 2023, announced that it had reached a settlement with Rite Aid Corporation (“Rite...more
1/19/2024
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Brokers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Inventors ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-In ,
Patents ,
Rite Aid ,
Sensitive Personal Information ,
Settlement ,
UK