On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
2/18/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Hawaii ,
Information Security ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
U.S. companies thinking about falling back on “disproportionate” effort for access requests under the new U.S. privacy laws because they require compiling too many documents should think again.
The Berlin Administrative...more
The European Parliament has voted against a U.S. adequacy decision under the proposed EU-U.S. Data Privacy Framework.
Why?
•Bulk collection: The framework still allows for bulk collection of personal data in certain cases...more
“The times they are a-changin’,” Bob Dylan sang almost 60 years ago. And when it comes to consumers’ reasonable expectations of privacy, they are still a-changin.
I recently participated in a panel hosted by Usercentrics...more
Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II
The FTC launched a detailed notice of proposed rulemaking on August 11, 2022 regarding commercial surveillance and data security. The commission also released a fact sheet on commercial surveillance....more
The proposed American Data Privacy and Protection Act is getting a facelift.
Here are some key changes:
Disclosure and consent:
•Disclosure for getting affirmative consent can be procured either through the primary...more
A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe.
According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer...more
U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.
Some of the bill’s key differentiators from CCPA, CDPA and CPA:...more
I had the pleasure of speaking during the Restaurant Technology Network Town Hall about a variety of privacy issues confronting restaurants and food delivery apps, including CCPA, CPRA, CDPA and CPA...more
While presenting this week at the DRI Cybersecurity and Data Privacy Virtual Seminar, I outlined many of the issues currently impacting data security around the world.
Here are some key points:.....more
10/27/2021
/ Cookies ,
Data Privacy ,
Data Security ,
Do Not Sell ,
EU ,
European Commission ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Internet Service Providers (ISPs) ,
Web Tracking ,
WhatsApp
The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
The UK’s Information Commissioner’s Office (ICO) is taking on cookie banners.
The office will call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups in favor of...more
“Contrary to popular belief, data security begins with the Board of Directors, not the IT Department. A corporate board that prioritizes data security can set the tone throughout an organization by instilling a culture of...more
The Federal Trade Commission (FTC) recently entered into an enforcement action with an analytics company for breaching the FTC's Safeguards Rule issued pursuant to the Gramm-Leach-Bliley Act (GLBA) by failing to properly vet...more
North Dakota, Utah, Washington State. .. all three have recently introduced new pieces of data privacy legislation.
UTAH-
Utah State Rep. Walt Brooks, has introduced House Bill 80, which creates an “affirmative defense”...more
The White House recently issued guidance to government agencies for the regulation of artificial intelligence applications.
Key data protection takeaways:
•Transparency is essential. Disclosures should be written in a format...more
The Consumer Privacy Protection Act (CPPA) is coming! The Canadian government has submitted a bill for the amendment of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the enactment of a new,...more
The Gibraltar Regulatory Authority has issued helpful guidance on data protection considerations for the use of video conferencing applications (VCAs).
Key recommendations:
1.Consider the implications of VCAs and their...more
The U.S. Consumer Financial Protection Bureau (CFPB) is issuing an Advanced Notice of Proposed Rulemaking to solicit comments and information that will assist the development of proposed regulations under Section 1033 of the...more
“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy...more
Massachusetts Attorney General Maura Healey announced the creation of the Data Privacy and Security Division within her office to protect consumers from the surge of threats to the privacy and security of their data in an...more