The Delaware Personal Data Privacy Act (DPDPA) takes effect January 1, 2025. Delaware generally followed the Connecticut model, but has some unique terms. We provide a non-exhaustive list of some of Delaware’s requirements...more
If you are not paying for a service on the Internet, you are the product being sold to paying customers. But if you are paying for the service, can you be the product too? Of course....more
4/22/2022
/ Amazon ,
Credit Karma ,
Data Collection ,
Data-Sharing ,
E-Commerce ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
H&R Block ,
Internet ,
Internet Marketing ,
Personal Data ,
Privacy Laws ,
Subscription Services ,
TurboTax
Four years after GDPR was implemented, we are seeing the pillars of the internet business destroyed. Given two new EU decisions affecting the practical management of data, all companies collecting consumer data in the EU are...more
The smart house is upon us. One may be surrounding you now, with internet-enabled security systems, doorbells, air conditioner, refrigerator, mattress, windows, music speakers, and children’s toys. ...more
US policy makers struggle with the tension between protecting personal privacy and enabling law enforcement surveillance. We know that both are important, but at a certain point, prioritizing one priority shortchanges the...more
2/4/2022
/ Analytics ,
Biometric Information ,
EU ,
European Data Protection Board (EDPB) ,
Europol ,
Facial Recognition Technology ,
Law Enforcement ,
Personal Data ,
Privacy Concerns ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws ,
Surveillance
Companies collecting consumer DNA for non-medical purposes seem to be playing fast and loose with their customers’ data, according to a well-regarded consumer watchdog. This category of private money makers, which could...more
1/19/2022
/ Consent ,
Consumer Privacy Rights ,
Consumer Reports ,
Data Collection ,
Data-Sharing ,
DNA ,
Genetic Materials ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Prior Express Consent ,
Privacy Laws ,
Third-Party Service Provider
Why don’t our new privacy laws really protect our privacy? Are we going about this the wrong way?
The topic was raised in the recent Capital Forum of state and federal enforcement agencies by FTC Chair Lena Kahn, who...more
12/15/2021
/ Analytics ,
Artificial Intelligence ,
Big Tech ,
Data Privacy ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
Mobile Devices ,
Notice and Comment ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Regulatory Oversight ,
Sensitive Personal Information ,
Smart Devices ,
Surveillance
Florida and California join a growing minority of states enacting laws protecting a person’s genetic information (Nevada and Alaska also have laws). Florida’s new genetic privacy law, known as Protecting DNA Privacy Act, went...more
Most biometric readings require your presence in the same space as the measuring tools. Facial recognition, retinal capture, fingerprints or hand geometry, even biomarked scents are measured in close physical proximity. The...more
Hell hath no fury like a bureaucracy scorned. Do you know a person who insists on having his own way all the time and who wants to control your relationships with others? I hope not, but many of us do....more
Just when you thought it was safe to send your data across the water, the distinctive dorsal fin of Schrems II breaks the surface.
The EU, who can barely be convinced that the UK’s data privacy law is “adequate” despite...more
The movement to localize some or all of internet data has grown over the past five years as countries introduce new laws restricting data flows, and others try to boost local businesses by placing burdens on international...more
2/23/2021
/ Algorithms ,
Authoritarian Regimes ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Localization Law ,
EU-US Privacy Shield ,
Foreign Relations ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Schrems I & Schrems II ,
Surveillance ,
Technology Sector
This may be the year when the limitation of biometric capture goes national. Right now, companies using biometrics are driven by one state law, but others could soon join....more
Your body may be a wonderland or a wasteland, but it is a goldmine of data. Collectors of information have noticed.
In our midwinter exploration of the economic and legal foundations of data regulation, we next turn to a...more
Last week I jumped from the starting point of the newest U.S. anti-trust action against Google into a discussion about the legal and economic status of data. I would like to carry the discussion of data further....more
Meet the Euro-crats who think that the European Union needs to behave more like Russia and China.
More like Nigeria, Kazakhstan, and Indonesia.
These leaders are pushing not just to punish U.S. firms for successfully...more
Definitions are important.
How we define words sets the context for how we regulate them. In the U.S., the definitions of legally defended private information are changing, affecting the entire scope of information...more
Some companies don’t seem to care about privacy compliance. They may not have the money to build a compliance regime. They may not believe in the laws or believe that the laws would ever be applied to them. They may just not...more
The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision....more
8/12/2020
/ Contract Terms ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
International Data Transfers ,
National Security ,
Personal Data ,
Standard Contractual Clauses ,
UK Brexit
Since its conception, people have worried that an artificial intelligence would turn against humanity and threaten our lives. While this may be a result to be feared several years in the future, right now the more pressing...more
8/6/2020
/ Algorithms ,
Artificial Intelligence ,
Authoritarian Regimes ,
Biometric Information ,
Facial Recognition Technology ,
Foreign Relations ,
Minorities ,
Personal Data ,
Political Parties ,
Prison ,
Privacy Concerns ,
Surveillance ,
Technology Sector
If a picture of your face is used for a purpose that doesn’t identify you, is your privacy violated?
If the publicly available picture was used just to show a face, distinguished from some faces, similar to others, and fed...more
7/22/2020
/ Alphabet Company ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Machine Learning ,
Microsoft ,
Name and Likeness ,
Personal Data ,
Public Information ,
State Privacy Laws
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
8/2/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance. California’s new privacy law goes into effect January 1, 2020. Consumer lawsuits are expected to follow shortly after implementation. CCPA can...more
According to the highest court in the state, Georgia state government does not have an inherent obligation to protect citizens’ personal or sensitive data like social security numbers or status on the unemployment rolls. This...more