Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town....more
On March 31, 2024, the Washington My Health My Data Act (MHMDA), a comprehensive consumer health privacy law, will come into force. Small businesses – defined as those processing consumer health data of fewer than 100,000...more
3/29/2024
/ Advertising ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Popular ,
Small Business ,
State Privacy Laws ,
Wellness Programs
In a sweeping, coordinated effort across federal agencies, the US government has taken a giant leap forward to prevent access to data that could be exploited to the detriment of national security. On February 28, 2024,...more
3/8/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Bureau of Industry and Security (BIS) ,
CFIUS ,
China ,
Covered Person ,
Covered Transactions ,
Cuba ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Iran ,
North Korea ,
Office of Foreign Assets Control (OFAC) ,
Personal Data ,
Prohibited Transactions ,
Russia ,
Sensitive Personal Information ,
Venezuela
GPT-4, the “engine” behind ChatGPT, just passed—well, really, aced— the Uniform Bar Exam. It scored in the 90th percentile (i.e., it did better than 90% of test takers), and, while the threshold to pass the bar varies based...more
On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal...more
On 13 April 2021, the British Virgin Islands (“BVI” or “Virgin Islands”) became the latest jurisdiction to enact a comprehensive information privacy law when the territory published the Data Protection Act, 2021 (the “DPA...more
5/5/2021
/ British Virgin Islands ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Data Retention ,
Data Security ,
Data Subjects Rights ,
Data Transfers ,
Notice Requirements ,
Personal Data ,
Privacy Laws ,
Private Right of Action
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
4/27/2021
/ Artificial Intelligence ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Distributors ,
EU ,
European Commission ,
Fines ,
Importers ,
Member State ,
Proposed Regulation ,
Recordkeeping Requirements ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
Corporate Social Responsibility (“CSR”) and Environmental, Social, and Governance (“ESG”) practices have increasingly become priorities for many organizations as they assess their obligations to their employees, customers,...more
4/21/2021
/ Best Practices ,
Business Strategies ,
Consumer Privacy Rights ,
Corporate Social Responsibility ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Environmental Social & Governance (ESG) ,
Information Governance ,
Policies and Procedures
On March 31, 2021, New York became the 16th state in the U.S. (with New Mexico poised to become the 17th any day now) to legalize the recreational use of cannabis by people 21 years old or older, paving the way for the...more
4/13/2021
/ Advertising ,
B2C ,
Controlled Substances ,
Controlled Substances Act ,
Decriminalization of Marijuana ,
Dispensaries ,
Marijuana ,
Marijuana Related Businesses ,
Marketing ,
Schedule I Drugs ,
Telecommunications ,
Text Messages
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Data Sellers ,
Data-Sharing ,
Enforcement Actions ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
NEW YORK STATE LEGISLATURE PROPOSES BIOMETRIC PRIVACY ACT -
On January 6, 2021, the New York state legislature proposed the Biometric Privacy Act (AB 27) to regulate the collection of biometric information by companies...more
The world is facing a significant public health crisis that requires a strong response and common approach. Governments and scientists around the world are relying on automated data processing and digital technologies as part...more
On June 28, California enacted AB 375, the California Consumer Privacy Act (CCPA). The CCPA grants expansive consumer privacy protections including data privacy rights similar to those provided by the EU General Data...more
On July 12, 2016, the European Commission formally adopted the Privacy Shield, a new transatlantic framework for the transfer of personal data from the European Union (EU) and certain countries of the European Economic Area...more
8/11/2016
/ Consent ,
Data Processors ,
Data Protection Authority ,
Department of Transportation (DOT) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Self-Certification ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The European Commission released its long-awaited draft adequacy decision for the EU-U.S. Privacy Shield, a major step towards the formal approval of the program that is to replace the invalidated Safe Harbors program. The...more
On Feb. 2, the European Commission and the United States announced an agreement on a new framework for transatlantic data flows. The EU-US Privacy Shield will replace the Safe Harbor framework that was invalidated by the...more
2/4/2016
/ Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The European Union’s highest court has, effective immediately, invalidated the US-EU Safe Harbor program relied upon by many companies as the basis for lawfully transferring and processing personal information from the EU to...more
10/8/2015
/ Anonymization ,
Binding Corporate Rules ,
Data Controller ,
Data Localization Law ,
Data Privacy ,
Data Processors ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Germany ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Prior Express Consent ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
Recent amendments to California’s Online Privacy Protection Act may have implications for all commercial online operators given the geographically limitless scope of the Internet. The amendments, effective Jan. 1, 2014,...more