With the new year just around the corner and eight new privacy laws coming online next year, December is an excellent time for companies to assess their data collection and processing practices, and take stock of any changes...more
On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
U.S. privacy developments are moving quickly, but health data privacy is racing forward. Companies that come into contact with consumers’ health data need to track and respond to a variety of developments. Most notably, these...more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In an aggressive expansion of its security and privacy enforcement programs, on September 15, 2021, the FTC issued what it characterized as a “Policy Statement” reinterpreting an old rule about personal health records....more
The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Assuming Colorado Governor Jared Polis signs the bill (SB 21-190)...more
Seven months after being called upon by members of Congress to investigate Zoom’s data security practices, a divided FTC announced on November 9 a settlement with the videoconferencing platform....more
The FTC’s most recent COPPA enforcement action, announced on June 4 with app developer HyperBeard, provides evidence of an ongoing debate within the Commission about privacy harm and the role of monetary relief in the...more
FTC Bureau of Consumer Protection Director Andrew Smith this week published some helpful pointers for companies that are developing or using AI to support consumer-facing services. These pointers are drawn from past FTC...more
On Wednesday, the California Attorney General (AG) released a third draft of proposed CCPA regulations for public comment. The draft contains a series of technical corrections, along with a handful of substantive incremental...more
3/12/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Privacy Laws ,
Proposed Regulation
Regulatory interest in Internet of Things (“IoT”) devices is growing, partly in response to concerns about device security. In January, for example, California’s IoT Law (SB 327) went into effect. This law requires...more