On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
Following the Federal Trade Commission’s decision in December 2023 to ban Rite Aid from using AI facial recognition, it has become crystal clear that U.S. regulators expect a risk assessment when a retailer uses facial...more
On 20 March 2025, the Nigeria Data Protection Commission (Commission), issued the General Application and Implementation Directive (GAID). The GAID serves as a regulatory framework for implementing the Nigeria Data...more
Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
Are you using artificial intelligence in your business operations? Do you have AI embedded in the goods and services you offer customers? The regulatory framework applicable to AI continues to develop, including across US...more
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
On March 13, 2025, the U.S. District Court for the Northern District of California granted a preliminary injunction preventing the California Attorney General (AG) from enforcing the California Age-Appropriate Design Code Act...more
With eight states rolling out new privacy laws in 2025 and many more already on the books, businesses have never faced a more fragmented regulatory landscape. These laws will expand consumer rights, impose stricter data...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
As January 2025 privacy strategy planning ramps up this fall, our Privacy, Security, & Artificial Intelligence team has put together a planning alert for 2024–2025. In this installment, we review the following nine state...more
On August 16, 2024, the U.S. Court of Appeals for the Ninth Circuit issued an opinion partially upholding—and partially vacating—the District Court for the Northern District of California’s preliminary injunction preventing...more
Minnesota has become the 18th state to enact a comprehensive consumer privacy law. On May 24, Gov. Tim Walz (D) signed the Minnesota Consumer Data Privacy Act into law to provide privacy rights to Minnesotans and to impose...more
On May 9, the Governor of Maryland approved SB 571 (the “Act) to provide consumer online protections for children. The Act will afford protections from online products aimed at children or that are likely accessed by...more
On May 9, Maryland became the second state to enact an (AADC), the Maryland Kids Code, alongside the Maryland Online Data Privacy Act (MODPA) — Maryland’s first comprehensive data privacy bill. Maryland’s AADC follows...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
Kentucky - On April 4, 2024, Kentucky joined the growing number of states to enact data privacy legislation, becoming the third state to do so in 2024 and the fifteenth state overall at the time of enactment....more
Avoid confusion between these two important privacy assessments and learn which is best for protecting your data. Keeping data and customer personal information (PI) secure is becoming more difficult by the day....more
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...more
Startups face unique challenges that can impact their success and sustainability. Obstacles such as financial constraints (inadequate funding or limited cash flow) and resource constraints often result in small teams having...more
Keypoint: A California federal district court granted NetChoice’s motion for preliminary injunction, finding that the California Age-Appropriate Design Code Act likely violates the First Amendment. On September 18, 2023, the...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
The protection of children's online privacy has emerged as one of the most important data privacy issues in the United States. With the existing U.S. framework for protecting children's online privacy widely criticized as...more
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
Much like the beginning of 2023, when two new state data privacy acts went into effect, the midpoint of 2023 will feature two more state data privacy acts coming onto the books. On July 1, 2023, the Colorado Privacy Act...more