Last year proved to be an incredibly active year for data privacy legislation, state and federal enforcement actions, and new compliance challenges introduced by emerging technology. Looking ahead to this year, there is no...more
In a settlement with Marriott International and its subsidiary Starwood hotels and Resorts Worldwide, the FTC will require Marriott to implement a new comprehensive data security program. The settlement stems from a series of...more
On Dec. 20, 2023, the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking (NPRM) to the Children’s Online Privacy Protection Act (COPPA). COPPA was enacted in 1998 and went into effect in 2000. Under...more
In 2023, use of generative artificial intelligence (Gen AI) tools such as ChatGPT went viral. Generative AI platforms can be utilized to create a host of efficiencies across businesses and professions such as drafting emails,...more
On Sept. 11, 2023, Delaware became the next state to enact a comprehensive consumer data privacy law as Gov. John Carney signed the Delaware Personal Data Privacy Act (DPDPA) which will go into effect on Jan. 1, 2025. The...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
7/25/2023
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 5, 2023, the Nevada Legislature passed an amended version of Senate Bill 370 (SB 370 or the Act), which imposes new requirements on the collection, use and sale of consumer health data. The bill was signed on June 22,...more
On May 31, 2023, Amazon agreed to pay a $25 million civil penalty to settle Federal Trade Commission (FTC) charges that the company retained sensitive information collected from children using Alexa, in violation of the...more
On Dec. 19, 2022, Epic Games, the developer of popular video game Fortnite, agreed to pay more than $520 million to settle Federal Trade Commission (FTC) claims that alleged a violation of the Children’s Online Privacy...more
On Jan. 1, 2023, both the California Privacy Rights Act (CPRA) and Virginia Consumer Data Privacy Act (VCDPA) come into effect, introducing new and updated data privacy and security obligations to covered entities. As these...more
It is often questioned how someone’s career path, which began with asserting and defending patents in litigation, transforms to a career focused on cybersecurity and data privacy, as mine has in the last two decades of...more
Zoetop, the parent company behind online fashion retailers SHEIN and ROMWE, has been fined $1.9 million by New York State after it failed to properly inform customers of a data breach that affected millions of users. A...more
The cybersecurity and data privacy legal landscape continues its rapid evolution. Below is an outline of some of the most significant developments in the last quarter.
Federal Legislation:
In June, a bipartisan...more
On Aug. 20, 2021, the Standing Committee of China’s National’s People’s Congress, the top legislative body of the People’s Republic of China, adopted a national privacy law. The extensive law, named the Personal Information...more
On Nov. 17, 2020 the government of Canada introduced Bill C-11, also known as the Digital Charter Implementation Act, 2020 (the Act). The Act would create the Consumer Privacy Protection Act (CPPA), not to be confused with...more
After years of United States organizations—large and small—investing in and relying on the EU-U.S. Privacy Shield as the foundation for permissible data transfer between the EU and the U.S., with the stroke of a pen, or...more
With the outbreak of Coronavirus in the U.S., virtual meeting apps have seen an exponential increase in usage. From business meetings and remote real estate walk throughs, to online schooling to virtual happy hours—countless...more
The ink is still wet, and the dust has hardly settled after the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Yet starting in February, two class actions were filed by California residents...more
On the last day of its 2019 session, the California legislature passed six bills that amend and clarify key provisions of the California Consumer Privacy Act (the “CCPA”), the state’s landmark 2018 data privacy law. The CCPA,...more
12/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete