In a putative class action filed on June 28, 2023, in the Northern District of California, and in other similar cases, plaintiffs allege that OpenAI, Microsoft, and their respective affiliates violated the privacy rights of...more
7/18/2023
/ Artificial Intelligence ,
Business Model ,
Computer Fraud and Abuse Act (CFAA) ,
Copyright Infringement ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Getty Images ,
Intellectual Property Protection ,
Machine Learning ,
Open Source Software ,
Privacy Laws ,
Putative Class Actions ,
Software ,
User-Generated Content ,
Web Scraping
Colorado Department of Law Issues Draft CPA Revisions -
On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
1/13/2023
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
COPPA ,
Data Security ,
Employee Definition ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
New Guidance ,
Penalties ,
Personal Data ,
Popular ,
Privacy Laws ,
Rulemaking Process ,
Standard Contractual Clauses ,
UK
Pandora’s Virtual Try-On Tool Leads to BIPA Class Complaint -
On November 15, 2022, a group of plaintiffs brought a purported class action against Pandora Jewelry LLC, claiming that its virtual try-on tool violates...more
12/12/2022
/ Biometric Information Privacy Act ,
Breach of Contract ,
Cease and Desist Orders ,
Class Action ,
Computer Fraud and Abuse Act (CFAA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
hiQ Labs Inc v LinkedIn Corp ,
LinkedIn ,
NIST ,
Personal Information ,
SCOTUS ,
Social Media ,
Twitter ,
Virtual Reality ,
Web Scraping
FTC Is Tracking Twitter Developments With “Deep Concern” -
Elon Musk’s recent purchase of Twitter has led to numerous resignations in the security department. Most recently, Twitter’s chief information security officer,...more
11/15/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Retention ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Personal Information ,
Risk Assessment ,
Twitter
California Privacy Protection Agency Releases Revised Regulations -
With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more
10/24/2022
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
Internet of Things ,
Joe Biden ,
National Security ,
NIST ,
Online Safety for Children ,
PIPEDA ,
Popular ,
Privacy Framework ,
Privacy Laws ,
Ransomware ,
Schrems I & Schrems II ,
Sensitive Personal Information
CPPA Amends Draft CPRA Regulations & Announces Public Comment Dates -
The California Privacy Protection Agency (CPPA) has announced amendments to the California Privacy Rights Act proposed regulations, which primarily...more
7/13/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Data Breach ,
Data Brokers ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement ,
Federal Trade Commission (FTC) ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Metaverse ,
New Regulations ,
Privacy Laws ,
Rulemaking Process
Connecticut Passes the Fifth US State Consumer Privacy Law -
The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state...more
5/19/2022
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Blockchain ,
Brazil ,
CDPA ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Cookies ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Denmark ,
Department of Justice (DOJ) ,
European Parliament ,
France ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
NIST ,
PHMSA ,
Proposed Amendments ,
Risk Mitigation ,
SCOTUS ,
Supply Chain ,
Virginia
Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act -
With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more
4/8/2022
/ Artificial Intelligence ,
Chile ,
China ,
CNIL ,
Colorado ,
Cyber Incident Reporting ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Risk Management ,
Rulemaking Process ,
Social Media ,
State Privacy Laws
The European Union (EU) and the United States (US) government have now reached an agreement in principle for a “Privacy Shield 2.0” to replace the original Privacy Shield Framework that was invalidated under the Schrems II...more
US News -
Utah Will Soon Publish US’s Latest Comprehensive State Privacy Law -
The Utah Consumer Privacy Act, also known as Senate Bill 227, recently cleared the Senate and the House. Though there are a few more steps...more
3/11/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Dismissals ,
Enforcement ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
India ,
New Legislation ,
Oman ,
Popular ,
Privacy Laws ,
Proposed Regulation ,
Settlement ,
State and Local Government ,
State Privacy Laws ,
Wiretapping ,
Workers Compensation Act
United Kingdom New Standard Contractual Clauses Submitted to Parliament -
The United Kingdom has finalized its new International Data Transfer Agreement and Addendum to the new EU standard contractual clauses. Subject to...more
2/17/2022
/ Brazil ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
COPPA ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
NIST ,
Personal Data ,
Popular ,
Right of Access ,
Standard Contractual Clauses ,
UK
FTC Warns Companies to Remediate Log4j Security Vulnerability -
Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a...more
1/19/2022
/ Apple ,
Audits ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Defense (DOD) ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
GAO ,
General Data Protection Regulation (GDPR) ,
Opt-Outs
Best Practices for the Virginia Consumer Data Protection Act -
The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
12/10/2021
/ CDPA ,
CNIL ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Monitoring ,
Enforcement Actions ,
ENISA ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Ransomware ,
UNESCO ,
Virginia
The EDPB releases guidelines to clarify a simple but surprisingly confusing question, "What is a data transfer under the GDPR?" In light of the new guidelines, businesses should review potential transfer activities and ensure...more
FCC Seeks Public Comment on the Current and Future Regulation of the “Internet of Things” -
The FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of...more
10/13/2021
/ Artificial Intelligence ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement Actions ,
FCC ,
General Data Protection Regulation (GDPR) ,
Hacking Back ,
Internet of Things ,
Malware ,
Mobile Apps ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-Outs ,
Popular ,
Public Comment ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Settlement ,
Software
US Department of Homeland Security Publishes Strategic Plan on Artificial Intelligence -
The Dep’t of Homeland (DHS) Security Science and Technology Directorate recently published its Artificial Intelligence & Machine...more
8/18/2021
/ Analytics ,
Artificial Intelligence ,
Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Employee Retirement Income Security Act (ERISA) ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Popular ,
Risk Mitigation ,
Wiretapping
The legislation updates the Children’s Online Privacy Protection Act (COPPA) by prohibiting internet companies from collecting personal information from anyone 13- to 15-years old without the user’s consent
Senators...more
6/9/2021
/ Biometric Information ,
Broker-Dealer ,
Cookie Banners ,
COPPA ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Protection ,
EU ,
European Commission ,
Executive Orders ,
Facial Recognition Technology ,
FBI ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Latin America ,
NGOs ,
Online Safety for Children ,
Personal Information ,
Popular ,
Proposed Legislation ,
Schrems I & Schrems II ,
Securities and Exchange Commission (SEC) ,
Standard Contractual Clauses ,
Suspicious Activity Reports (SARs)
California Can Enforce Net Neutrality Law After Court Victory -
California’s net neutrality law bars internet service providers from prioritizing, blocking, slowing down, or speeding up internet content. California’s law...more
4/13/2021
/ Adtech ,
California ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Data Brokers ,
Data Collection ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Injunctions ,
Internet Service Providers (ISPs) ,
Net Neutrality ,
Opt-Outs ,
Personal Data Protection Act 2012 (PDPA) ,
Proposed Legislation ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
UK
Tides of change in the digital advertising and regulatory landscape over the last few years have recently ushered in an increasingly likely future without third-party cookies.
Background – An Abbreviated History of Recent...more
According to the Council of the European Union, there are plans to move forward with replacing the Cookie Directive with the ePrivacy Regulation.
Background on the ePrivacy Directive -
While the General Data...more
The DCIA was introduced on November 17, 2020, to replace Canada’s current national privacy law for the private sector, the Personal Information Protection and Electronic Documents Act (PIPEDA).
PIPEDA came into force in...more
The CPRA, also referred to as CCPA 2.0, is a more robust version of the CCPA. The original drafter of the CCPA put CPRA on the ballot to amend and bolster key provisions in the CCPA....more
Delta Sues Software Provider Over Data Breach -
Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Canada ,
Consent Order ,
Data Breach ,
Delta Airlines ,
Email ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Popular ,
Settlement ,
Software ,
Statutory Violations ,
Swiss Privacy Shield ,
Third-Party Service Provider ,
UK Employment Appeal Tribunal ,
Video Recordings ,
WISP
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
7/22/2019
/ CNIL ,
Cookies ,
Data Protection Authority ,
e-Privacy Directive ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
Implied Consent ,
Prior Express Consent ,
Privacy Laws ,
UK ,
UK ICO ,
Website Owner Liability ,
Websites
Federal US News -
FTC Takes Action Against Companies Falsely Claiming Compliance With International Privacy Agreements -
The FTC reached a settlement with a background screening company over allegations it falsely claimed...more
7/16/2019
/ Accreditation ,
Advertising ,
Annual Reports ,
Asia Pacific ,
Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
Code of Conduct ,
Consumer Information ,
Consumer Privacy Rights ,
Cookies ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
False Statements ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Legal Representatives ,
New Rules ,
NIST ,
Popular ,
Prior Express Consent ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation ,
Right of Access ,
Right to Be Forgotten ,
Right to Control ,
Settlement ,
State Legislatures ,
Targeted Digital Advertising ,
Third-Party Service Provider ,
UK ,
UK ICO