On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data...more
The White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern. This executive order is expected to be...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
On November 21, 2023, the Colorado Attorney General (the “AG”) published a shortlist of potential universal opt-out mechanisms (“UOOMs”) that the AG is considering recognizing as binding under the Colorado Privacy Act (the...more
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
On July 20, 2023, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”), and the Federal Trade Commission (“FTC”) published a joint letter sent to approximately 130 hospital systems...more
Corporate legal departments are increasingly receiving requests from business clients to use ChatGPT or similar “generative AI” tools in their operations. These requests can be urgent, with business clients demanding...more
Artificial intelligence (AI) is expanding into more industries (often in surprising ways) and has inevitably caught the attention of federal and state regulators. Our Privacy, Cyber & Data Strategy Team summarizes the...more
12/12/2022
/ Algorithms ,
Artificial Intelligence ,
Corporate Counsel ,
Data Processors ,
Data Protection ,
Federal Trade Commission (FTC) ,
FinTech ,
Health Technology ,
Machine Learning ,
Medical Devices ,
NIST ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Risk Assessment ,
Technology Sector
Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks....more
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests...more
The European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard...more
Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office)....more
At approximately 6:00 p.m. today, March 11, 2020, California Attorney General Xavier Becerra announced a second round of modifications to the draft regulations his office is preparing for the California Consumer Privacy Act...more
3/12/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Proposed Regulation
California Attorney General Xavier Becerra has released updated regulations to the California Consumer Privacy Act (CCPA) that contain a number of material modifications to the initial CCPA regulations released in October...more
2/14/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Right to Delete
Our Privacy & Data Security Team summarizes the portions of California’s proposed regulations for the California Consumer Privacy Act (CCPA) that are likely of material interest to companies across industries and highlights...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
On July 29, 2019, the European Court of Justice (“ECJ”) issued its decision in the case of FashionID GmbH & Co. KG v. Verbraucherzentrale NRW. The ECJ found that websites that integrate Facebook plugins are jointly...more
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL...more
Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
5/29/2018
/ Article 29 Working Party (WP29) ,
Austria ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Young Lawyers
On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the...more
In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their...more
In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR....more
About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation. The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy...more
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant....more