The FTC recently requested public comment “to better understand how technology platforms deny or degrade (such as by ‘demonetizing’ and ‘shadow banning’) users’ access to services based on the content of the users’ speech or...more
Texas Attorney (“AG”) General Ken Paxton announced a first-for-Texas settlement against a generative AI company using patient data and providing products to healthcare facilities....more
Governor Polis, Attorney General Weiser, and Colorado State Senator Rodriguez have announced plans to engage in a process to amend the Colorado AI Act....more
On May 17, 2024, Colorado Governor Jared Polis signed the Colorado Artificial Intelligence (AI) Act (CAIA), the first broadly scoped U.S. AI law. Similar to the EU AI Act, the CAIA takes a risk-based approach and focuses on...more
On May 14, 2024, the Federal Trade Commission (“FTC”) sent automakers a clear message: connected cars, and the data collection, use, and sharing activities surrounding the technology, are on its radar. In doing so, the FTC...more
Maryland’s legislature passed consumer privacy bill SB 541 (the Maryland Online Data Privacy Act (MODPA)), putting it on track to become the nation’s 15th comprehensive state privacy law (if you count the Florida Digital Bill...more
The New Jersey Senate and Assembly passed consumer privacy bill S332/A1971. The bill now goes to Governor Phil Murphy for his signature. If signed, the law will become the 13th state to pass a broadly applicable privacy bill....more
The California Privacy Protection Agency’s proposal of new regulations for automated decisionmaking technology marks a significant step to govern how businesses may leverage those automated tools. The new framework focuses on...more
The National Telecommunications and Information Administration (NTIA) published a request for comment (RFC) seeking input on a broad series of questions regarding children’s online health and safety. The questions address:...more
On Friday, February 24, the Colorado Secretary of State published “final” rules for the Colorado Privacy Act. While these rules are similar to “Version 3” of the draft rules, published by the Attorney General’s Office in...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
On August 24, 2022, the California Attorney General’s Office (“AG”) issued a press release regarding a settlement with Sephora, Inc. over allegations that the company violated the California Consumer Privacy Act (“CCPA”) and...more
8/29/2022
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Privacy ,
Enforcement Actions ,
Fines ,
Personal Information ,
Retail Tracking ,
Sephora ,
State Privacy Laws ,
Statutory Violations
The California Senate Appropriations Committee has advanced the California Age-Appropriate Design Code Act, AB 2273, which could significantly impact many online service providers. Modeled on the UK’s Age Appropriate Design...more
The FTC has issued a long-anticipated Advanced Notice of Proposed Rulemaking (ANPR) regarding commercial surveillance and data security practices. The FTC invites public comment on a wide range of issues (through more than 95...more
The California Privacy Rights Act (CPRA) introduces a new concept, “sharing,” that provides California residents with the right to opt-out of certain disclosures of personal information for behavioral advertising. In this...more
The California Privacy Protection Agency has released draft privacy regulations as part of its efforts to implement the California Privacy Rights Act. We describe five key observations in this client alert....more
On 2 December 2021, the United States Transportation Security Administration (TSA) released two Security Directives applicable to the rail industry that will require certain owners and operators to implement new cybersecurity...more
On June 2 and 3, the U.S. National Institute of Standards and Technology (NIST) held a workshop focused on the President’s recent Executive Order on Improving the Nation’s Cybersecurity (Order) during which government...more
As we have previously highlighted, the California Privacy Rights Act (CPRA) creates a new category of personal information, called “sensitive personal information.” While the CPRA’s predecessor, the California Consumer...more
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
California’s “Genetic Information Privacy Act” (SB 980), vetoed on September 25, 2020 by Governor Gavin Newsom, would have established obligations for direct-to-consumer (“DTC”) genetic testing companies and others that...more
9/29/2020
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Diagnostic Tests ,
Direct to Consumer Sales ,
DNA ,
Genetic Materials ,
Genetic Testing ,
Governor Newsom ,
Governor Vetoes ,
Human Genes ,
Infectious Diseases ,
Legislative Agendas ,
Life Sciences ,
Pharmaceutical Industry ,
State and Local Government