Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report...more
Many expect that deal activity will increase in 2025. As we approach the end of the first quarter, it is helpful to keep in mind privacy and data security issues that can potentially derail a deal. We discussed this in a...more
Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more
Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other...more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
1/29/2025
/ Artificial Intelligence ,
Bots ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Italy ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
It is hard to believe that another year is upon us! As we have done in years past (including 2023, 2022, 2021, 2020, 2019 and 2018), we have created a comprehensive resource of all our www.eyeonprivacy.com posts from 2024. As...more
1/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Agenda ,
Risk Management ,
Social Media ,
State Privacy Laws ,
Technology Sector ,
UK
The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on...more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that...more
11/1/2024
/ Accessibility Rules ,
Data Collection ,
Data Privacy ,
Data Protection ,
e-Privacy Directive ,
Electronically Stored Information ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
New Guidance ,
Privacy Laws ,
Technology ,
Tracking Systems
California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural...more
California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites....more
Malaysia is in the process of updating its Personal Data Protection Act to align more closely with laws in other jurisdictions. The law was originally passed in 2010 and then modified this year. As part of the modification...more
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join...more
9/24/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Wondering what the requirements are for transferring personal information out of Brazil? Under the country’s Data Protection Law, extra-territorial transfers of personal information are regulated in much the same way as in EU...more
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on...more
Verkada, a manufacturer and retailer of security cameras, has settled FTC accusations of lax security measures. The company sells its products to businesses, including schools and medical facilities. It markets its products...more
A biotech company recently settled with three AGs over allegations that it had failed to protect consumer information. According to the AGs of Connecticut, New York and New Jersey, this led to a 2023 data incident. The...more
8/28/2024
/ Data Breach ,
Data Protection ,
Data Security ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
New York ,
Policies and Procedures ,
Privacy Laws ,
Settlement ,
State Attorneys General ,
State Privacy Laws
New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how...more
8/23/2024
/ Consumer Protection Laws ,
Cookies ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet Privacy ,
New Guidance ,
New York ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices ,
Web Tracking ,
Websites
The amendment to the Colorado Privacy Act, expanding the scope of sensitive data, goes into effect August 6, 2024. The law will now include as sensitive information biological data that is used for identification purposes....more
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
8/2/2024
/ Cell Phones ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Information Security ,
Privacy Laws ,
Settlement ,
Telecommunications ,
TracFone Wireless ,
Wireless Devices ,
Wireless Industry
In its ongoing concern with “dark patterns,” the FTC recently announced results of two reviews of sites and apps purportedly engaging in the practice. As a reminder, the FTC views as “dark patterns” practices or web designs...more
Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into...more
6/10/2024
/ Consumer Privacy Rights ,
Data Collection ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Sensitive Business Information ,
State Privacy Laws
Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a...more
5/30/2024
/ Artificial Intelligence ,
Connected Cars ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
Social Media ,
State and Local Government ,
State Privacy Laws ,
Transportation Industry ,
Web Tracking
Maryland’s new comprehensive data privacy law, the Maryland Online Data Privacy Act, was recently signed into law by Governor Moore. This brings the total number of state “comprehensive” privacy laws to 18, five of which have...more
5/21/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws