EU’s Highest Court Rules on Automated Decision-Making -
The Court of Justice of the EU (“CJEU”) recently issued a significant ruling regarding the scope of data subjects’ right of access under the GDPR in relation to...more
4/11/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information Privacy Act ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Transparency ,
UK ,
Wiretapping
Warby Parker Fined $1.5 Million Following HHS Investigation of Credential Stuffing Security Breach -
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a...more
3/14/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Personal Data ,
Popular ,
Reporting Requirements ,
UK
English High Court Rules that "Relatively High" Consent to Cookies and Profiling is Required Where Individual is Vulnerable -
In a dispute between an individual claimant who was a recovering gambling addict and two...more
2/28/2025
/ Artificial Intelligence ,
Compliance ,
Consent ,
Cookies ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
EU ,
Gambling ,
OECD ,
Personal Data ,
Privacy Laws ,
UK
UK Data Regulator Expands Cookie Compliance Review Across the UK’s Top 1,000 Websites -
The UK Information Commissioner's Office (“ICO”) has announced an expanded review of advertising cookie practices to encompass the...more
2/17/2025
/ California Privacy Protection Agency (CPPA) ,
Compliance ,
Consent ,
Cookies ,
COPPA ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
Privacy Laws ,
Settlement ,
UK GDPR ,
Web Tracking
UK Data Regulator Responds to Google’s Policy Shift on Fingerprinting -
Google announced that starting February 16, 2025, its platform program policies will change to remove the prohibition in its current policies against...more
1/31/2025
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
EU ,
Federal Trade Commission (FTC) ,
Fingerprints ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy Concerns ,
Privacy Laws ,
Transparency ,
UK
DOJ Final Rule: New US Restrictions on Nearly All Foreign Access to Personal Data -
The National Security Division of the United States Department of Justice has issued a sweeping final rule that would prevent access to...more
1/17/2025
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EU ,
European Data Protection Board (EDPB) ,
Final Rules ,
Foreign Governments ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
National Security ,
OCR ,
Personal Data ,
Sensitive Personal Information ,
UK
Illinois Courts Split over Whether Biometric Privacy Law Amendment Applies Retroactively -
Two federal judges in the Northern District of Illinois have taken conflicting views on the issue of whether the Illinois...more
12/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Privacy Protection Agency (CPPA) ,
Code of Conduct ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Federal Trade Commission (FTC) ,
FTC Act ,
IL Supreme Court ,
Opt-Outs ,
Penalties ,
Privacy Laws ,
Proposed Amendments ,
Retroactive Application ,
Settlement ,
UK GDPR
New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data -
On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
8/19/2024
/ Biometric Information Privacy Act ,
Data Protection ,
Enforcement ,
European Commission ,
European Parliament ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Illinois ,
Information Commissioner's Office (ICO) ,
Informed Consent ,
Minor Children ,
Personal Information ,
Settlement ,
Social Media ,
State Data Privacy Laws ,
Tracking Systems ,
UK
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” -
On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
3/15/2024
/ Biden Administration ,
California ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Selling ,
Employee Monitoring ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
High-Risk Countries ,
NIST ,
Opt-Outs ,
Personal Data ,
Sensitive Personal Information ,
UK
FTC Announces Proposed Settlement with Data Aggregator over its Alleged Selling of Precise Location Data -
The Federal Trade Commission (“FTC”), on January 18, 2024, announced a proposed settlement with InMarket Media...more
FTC Settles with Experian for Alleged Customer Spamming -
On August 14, 2023, the Federal Trade Commission (“FTC”) announced a proposed settlement involving Experian Consumer Services (“Experian”). A federal court entered...more
9/1/2023
/ Artificial Intelligence ,
Biometric Information ,
CAN-SPAM Act ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity Summit ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Draft Guidance ,
Experian ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Risk Assessment ,
Settlement ,
Spam ,
UK ,
UK GDPR
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
Proposed EU-US Data Transfer Agreement Continues to Face Obstacles in Parliament -
As we reported in Issue 29 of Cyber Bits, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP...more
4/28/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
European Parliament ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers
FBI Seizes Hive Ransomware Servers—Blocks US$130 Million in Demanded Ransoms -
On January 26, Attorney General Merrick Garland announced that the Department of Justice dismantled the “Hive” ransomware group, which had...more
2/3/2023
/ Biden Administration ,
Big Tech ,
California Consumer Privacy Act (CCPA) ,
Cookie Banners ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Extortion ,
FBI ,
Investigations ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Ransomware
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
2/7/2022
/ Belgium ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
International Data Transfers ,
Marketing ,
Personal Data ,
Statutory Violations
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments
Introduction -
The European Commission (EC) on April 21, 2021, proposed a regulation establishing a framework and rules (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems. ...more
11/16/2021
/ Algorithms ,
Artificial Intelligence ,
Assessment ,
Biometric Information ,
Critical Infrastructure Sectors ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more