EU’s Highest Court Rules on Automated Decision-Making -
The Court of Justice of the EU (“CJEU”) recently issued a significant ruling regarding the scope of data subjects’ right of access under the GDPR in relation to...more
4/11/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information Privacy Act ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Transparency ,
UK ,
Wiretapping
Warby Parker Fined $1.5 Million Following HHS Investigation of Credential Stuffing Security Breach -
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a...more
3/14/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Personal Data ,
Popular ,
Reporting Requirements ,
UK
English High Court Rules that "Relatively High" Consent to Cookies and Profiling is Required Where Individual is Vulnerable -
In a dispute between an individual claimant who was a recovering gambling addict and two...more
2/28/2025
/ Artificial Intelligence ,
Compliance ,
Consent ,
Cookies ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
EU ,
Gambling ,
OECD ,
Personal Data ,
Privacy Laws ,
UK
UK Data Regulator Responds to Google’s Policy Shift on Fingerprinting -
Google announced that starting February 16, 2025, its platform program policies will change to remove the prohibition in its current policies against...more
1/31/2025
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
EU ,
Federal Trade Commission (FTC) ,
Fingerprints ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy Concerns ,
Privacy Laws ,
Transparency ,
UK
DOJ Final Rule: New US Restrictions on Nearly All Foreign Access to Personal Data -
The National Security Division of the United States Department of Justice has issued a sweeping final rule that would prevent access to...more
1/17/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EU ,
European Data Protection Board (EDPB) ,
Final Rules ,
Foreign Governments ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
National Security ,
OCR ,
Personal Data ,
Sensitive Personal Information ,
UK
Illinois Courts Split over Whether Biometric Privacy Law Amendment Applies Retroactively -
Two federal judges in the Northern District of Illinois have taken conflicting views on the issue of whether the Illinois...more
12/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Privacy Protection Agency (CPPA) ,
Code of Conduct ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Federal Trade Commission (FTC) ,
FTC Act ,
IL Supreme Court ,
Opt-Outs ,
Penalties ,
Privacy Laws ,
Proposed Amendments ,
Retroactive Application ,
Settlement ,
UK GDPR
FTC Settles Allegations of Over Inflated Reviews with AI-Enabled Review Platform Sitejabber -
On November 6, 2024, the Federal Trade Commission (“FTC”) announced a proposed settlement with GGL Projects, Inc., doing...more
11/22/2024
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Bureau (CFPB) ,
Department of Labor (DOL) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Information Commissioner's Office (ICO) ,
Investigations ,
Opt-Outs ,
Surveillance ,
UK ,
Web Scraping
Four Companies Settle SEC Allegations for “Misleading Cyber Disclosures” Regarding SolarWinds -
On October 22, 2024, the Securities and Exchange Commission (“SEC”) announced settlements with four companies for alleged...more
11/8/2024
/ Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Covered Entities ,
Cybersecurity ,
Disclosure Requirements ,
European Commission ,
Final Rules ,
Notice of Proposed Rulemaking (NOPR) ,
NYDFS ,
Public Disclosure ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
Settlement ,
Social Engineering ,
Social Networks ,
SolarWinds ,
UK
FTC and DOJ Reach US$2.95 Million Settlement with Verkada for Alleged Violations of the FTC Act and CAN-SPAM Act -
On August 30, 2024, the Federal Trade Commission (“FTC”) announced a proposed order with Verkada Inc....more
9/27/2024
/ Amicus Briefs ,
Arbitration Agreements ,
Artificial Intelligence ,
CAN-SPAM Act ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Ethics ,
EU ,
European Commission ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Human Rights ,
Online Reviews ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Standard Contractual Clauses ,
UK ,
Web Tracking
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
European Data Protection Board Publishes Strategy for 2024-27 -
The European Data Protection Board (“EDPB” - the EU body tasked with promoting consistency and cooperation in enforcement of the GDPR) has outlined its...more
5/6/2024
/ Artificial Intelligence ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Enforcement ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Machine Learning ,
Penalties ,
Personal Data ,
Reproductive Healthcare Issues ,
Transparency ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Data Aggregator over its Alleged Selling of Precise Location Data -
The Federal Trade Commission (“FTC”), on January 18, 2024, announced a proposed settlement with InMarket Media...more
FTC Settles with Rite Aid on its Use of AI and Processing of Biometric Information -
The Federal Trade Commission (“FTC”), on December 19, 2023, announced that it had reached a settlement with Rite Aid Corporation (“Rite...more
1/19/2024
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Brokers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Inventors ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-In ,
Patents ,
Rite Aid ,
Sensitive Personal Information ,
Settlement ,
UK
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
FTC Settles with Experian for Alleged Customer Spamming -
On August 14, 2023, the Federal Trade Commission (“FTC”) announced a proposed settlement involving Experian Consumer Services (“Experian”). A federal court entered...more
9/1/2023
/ Artificial Intelligence ,
Biometric Information ,
CAN-SPAM Act ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity Summit ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Draft Guidance ,
Experian ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Risk Assessment ,
Settlement ,
Spam ,
UK ,
UK GDPR
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
EU institutions are aiming to reach an agreement on the final form AI Act through ongoing trilogue negotiations by the end of 2023.
The AI Act takes a risk-based approach and categorises AI systems into four risk levels:...more
Proposed EU-US Data Transfer Agreement Continues to Face Obstacles in Parliament -
As we reported in Issue 29 of Cyber Bits, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP...more
4/28/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
European Parliament ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
This OnPoint summarises and draws together the proposals forming part of the EU’s strategies for data, digital and artificial intelligence. This is the first in a series of Dechert OnPoints that will cover these proposals in...more
8/11/2022
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Digital Marketplace ,
Digital Services ,
EU ,
European Digital Strategy ,
Innovative Technology ,
Internet ,
Online Advertisements ,
Popular
Clearview AI Settles Biometric Data Privacy Suit with ACLU -
On May 9, 2022, Clearview AI, Inc. (“Clearview”) and the American Civil Liberties Union (“ACLU”) announced an agreement to settle a lawsuit involving Clearview...more
5/27/2022
/ American Civil Liberties Union (ACLU) ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Clearview AI ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
Malware ,
Managed Service Providers (MSPs) ,
Popular ,
Regulatory Reform