The Commonwealth of Pennsylvania is re-joining the U.S. state privacy law race.
State Rep. Edward Neilson recently proposed H.B 78, which features all the normal trappings of a state privacy law with a very low...more
For the second installment of this series on the new California Consumer Privacy Act (CCPA) Regs, we are looking at consumer request processes.
One major eye opener: Tracker opt-outs must be immediate and you may not be...more
5/8/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Disclosure Requirements ,
New Regulations ,
Opt-Outs ,
Privacy Laws
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The office of the Oregon Attorney General recently releases a six-month enforcement report regarding the Oregon’s Consumer Privacy Act (OCPA). What are we discussing with our clients?...more
3/12/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Nonprofits ,
Oregon ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
Is the EU AI Act a Jenga piece that can easily be removed from the regulatory tower? Here are some key points from the “AI Regulation – a critical comment” workshop at the Alpine Privacy Days Conference, courtesy of Florent...more
On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
2/18/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Hawaii ,
Information Security ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
The European Commission recently issued a formula for identifying Artificial Intelligence Systems:
Machine-based system-
Designed to operate with varying levels of autonomy-
•Some degree of independence of actions from...more
2/10/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Machine Learning ,
Regulatory Agenda ,
Technology ,
Technology Sector
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
1/31/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
UK ,
UK GDPR
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
There is more to learn from the European Data Protection Board’s recent opinion on AI models. I previously reviewed the EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
The European Data Protection Board recently issued an opinion on AI models, shedding light on what the consequences could be for the unlawful processing of personal data in the development phase of an AI model on the...more
To paraphrase Animal Farm, all pixels are not created equal, but some pixels are more privacy invasive than others. Here are some recent points I made during a presentation to some of my firm’s litigators:...more
The California Privacy Protection Agency is going after data brokers.
The CPPA board voted earlier this month to adopt new regulations regarding data broker registration requirements. If approved, the regulations will...more
Sixteen data protection authorities recently confirmed that controllers must protect their properties from web scraping. And that includes web scraping for the purpose of training AI....more
The United Kingdom’s Information Commissioner’s Office recently issued a report on Quantum technologies and data protection. What are we discussing with clients?...more
There have been some highly publicized privacy statement revisions. Here are some lessons we are discussing with clients:
•Regulators are putting a high value on transparency and they are looking specifically at privacy...more
Transparency might be the most important food group in data privacy compliance, especially with the Federal Trade Commission, Office of the New York State Attorney General and California Privacy Protection Agency focusing...more
What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
What is profiling and what are our clients doing about it in the US and abroad?
Personal information:
•This is the analysis of information about/regarding a person.
•The definition is broad, so if it’s attributable to a...more
The United Kingdom’s Information Commissioner’s Office has issued guidance on the accuracy of artificial intelligence Some key points:
•For generative AI models, both developers and deployers must consider the impact that...more
India enacted its new Digital Personal Data Protection Act last year. Here are some key takeaways regarding the law, courtesy of Sajai Singh, a partner at J. Sagar Associates in India. Singh spoke recently at Alpine Privacy...more
The White House recently issued an executive order that restricts cross-border transfers of personal data from the United States to “countries of concern.” President Biden also urged Congress to pass comprehensive privacy...more
2/29/2024
/ Biden Administration ,
Cybersecurity ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Department of Veterans Affairs ,
Executive Orders ,
Sensitive Personal Information ,
US Department of State
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...more
The Federal Trade Commission recently published a blog post regarding the privacy of DNA. What do you need to know?
•Protecting biometric information – including genetic data – is a top FTC priority. (See FTC Biometric...more