When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
On 6 June 2024, the Italian supervisory authority ('Garante') published its opinion that the Wikimedia Foundation, Inc ('Wikimedia'), a US-based non-profit which hosts the free-to-use encyclopaedia website Wikipedia, was not...more
On 25 March 2024, the UK Office of Communications (Ofcom) published its research and advice to the Secretary of State (SoS) on the threshold conditions that it considers appropriate to determine whether a service falls into...more
When the UK Online Safety Act (the "Act") became law on 26 October 2023, it had established one of the most comprehensive online safety regulatory frameworks in the world. The Act's intention is to make the use of online...more
It has been some time already since the EU Digital Services Act (Regulation 2022/2065, DSA) was published, and since then, the discussions about Very Large Online Platforms (VLOPs) and Very Large Online Search Engines...more
On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on...more
Following -by a day- a privacy-related claim challenge brought against another advertiser, the National Advertising Division found that advertiser DuckDuckGo had sufficiently substantiated its privacy claims. These cases are...more
EU Institutions Reach Political Agreement on the Digital Services Act - On April 23, 2022, European legislators achieved political agreement on the Digital Services Act (“DSA”). Together with the recently agreed Digital...more
CYBERSECURITY - FTC Warns Companies of Enforcement for Failing to Patch Log4j Vulnerability - In what I would describe as an unusual but interesting move by the Federal Trade Commission (FTC), on January 4, 2022, it...more
In Reference re Subsection 18.3(1) of the Federal Courts Act (the Reference), the Federal Court of Canada held that the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA) applies to internet...more
The latest lame-duck Covid relief package proposal would trim about 150 billion dollars (and a number of key sticking points, including funds “to bolster state and local governments, and a temporary coronavirus liability...more
Governments are starting to catch up with online businesses. Multinational clients that provide online advertising services, sell consumer data, or run online intermediary platforms should prepare themselves for the imminent...more
We routinely hear from United States citizens who want advice on how to remove photographs, newspaper articles, videos or personal information about themselves from the internet. Originally published by the European...more
On September 24, 2019, the highest court of the European Union (EU), the Court of Justice of the EU (CJEU), attempted to limit the territorial scope and authority of EU data protection authorities in its recent decision...more
*Trigger Warning*: This article includes mentions of suicide. It could be the start of a Law & Order episode. In August, a pedestrian in Manhattan’s East Village noted a driver sitting inside a parked car. The driver was...more
On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers...more
The recognition by the European Union of a “Right to be Forgotten” has caused much controversy, but seemingly progress is being made. The Right, which entitles Europeans to petition data controllers to prevent harmful...more
On July 13, 2015, the Russian President signed Federal Law No. 264-FZ (the Law), which introduced a range of amendments into Russian legislation (the Amendments). In particular, the principle of the “right to be forgotten”, a...more
On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting...more
On June 12, 2015 the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL) issued a notice ordering Google to draw all the consequences of the CJEU May 13, 2014 ruling and to apply...more
The U.K. Information Commissioner issued an order to Google this week requiring it to remove nine search results of an individual’s minor criminal offense that was committed close to ten years ago. This is reported to be the...more
On July 14, 2015, Vladimir Putin, the president of the Russian Federation, has signed the law on implementation of the “right to be forgotten” (the Law). The Law comes into force on January 1, 2016....more
One, of course, recalls the May 13, 2014 decision of the Court of Justice of the European Union (CJEU) on the “right to be forgotten”. As a result, the French Data Protection Authority (CNIL – Commission Nationale de...more
Forget me not. Twitter launched just eight years ago with this tweet from company co-founder, Jack Dorsey: (Please see photo below.) (Not nearly as dramatic as “Mr. Watson—come here—I want to see you”— but I digress.) ...more