Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular,...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
11/28/2023
/ CNIL ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Marketing ,
Personal Data ,
Privacy Laws ,
Regulatory Violations
Beginning today, the UK adequacy decision for US data protection measures goes into effect. As a result, UK companies can transfer personal information to entities in the US that are participants in the EU-US Data Privacy...more
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023, joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law...more
Oregon recently joined Vermont and California as the third state requiring data broker registration before collecting, selling, or licensing “brokered personal data.” Several types of entities are exempt from the law. These...more
8/16/2023
/ Customers ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Selling ,
Exemptions ,
Information Sharing ,
New Legislation ,
Oregon ,
Penalties ,
Personal Data ,
Personal Information ,
Subscribers ,
Third-Party
Iowa recently became the fifth state to offer businesses a safe harbor if they have a written cybersecurity program. Others are Connecticut (October 1, 2021), Ohio (effective November 2, 2018), Oregon (effective January 1,...more
The EU Commission adopted today an adequacy decision for the EU-US Data Privacy Framework. As we indicated last month, this has been an area closely watched by those transferring data from the EU to the US. The issue has been...more
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader...more
7/7/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
With a little less than a week before the next US state “comprehensive” privacy laws (Colorado and Connecticut) go into effect, many are reviewing existing practices. One that keeps coming up is the concept of “profiling.” As...more
6/27/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Texas has now become the 11th state, following Florida, to have a “comprehensive” privacy law. HB 4 was signed by the governor on June 18, 2023. This caps off a busy spring for state lawmakers not only in Texas, but Florida,...more
6/20/2023
/ Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Privacy Acts ,
Privacy Laws ,
Sensitive Personal Information ,
State and Local Government ,
State Privacy Laws ,
Texas
The process for data transfers from the EU to the US under Standard Contractual Clauses has been back in the news recently, leading many to ask: will the proposed EU-US Data Privacy Framework be approved by the Europeans...more
6/12/2023
/ Biden Administration ,
Cross-Border ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
International Data Transfers ,
National Security ,
Policies and Procedures ,
Privacy Laws ,
Safe Harbors
Montana now joins a growing list of states to have a comprehensive privacy law. The law was signed by the governor on May 19, 2023 and will go into effect October 24, 2024. This is before some Iowa (effective January 1, 2025)...more
EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals....more
5/18/2023
/ California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Florida ,
New Jersey ,
Oregon ,
Pennsylvania ,
Privacy Laws ,
Settlement ,
State Privacy Laws
The Tennessee governor has signed Tennessee’s comprehensive privacy law, which as we have indicated will go into effect July 1, 2025. As initially proposed, the law would have been effective July 1, 2024, and would have...more
5/16/2023
/ Carve Out Provisions ,
Consumer Privacy Rights ,
Covered Entities ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Tennessee
With January well in the rear view mirror, companies are setting their privacy compliance sights on the next two laws to come into effect on July 1, 2023: Colorado and Connecticut. Knowing, of course, that Utah (December 31,...more
5/11/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical...more
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily...more
The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of...more
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by CCPA) that provide online services or...more
Following -by a day- a privacy-related claim challenge brought against another advertiser, the National Advertising Division found that advertiser DuckDuckGo had sufficiently substantiated its privacy claims. These cases are...more
7/28/2022
/ Advertising ,
Customer Privacy ,
Data Collection ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Mobile Apps ,
NAD ,
Privacy Laws ,
Search Engines ,
Web Browsers
With six months before the first of the new US state general privacy laws go into effect, there are several steps companies can take now to begin to prepare. Unfortunately there are some parts of compliance that will be...more
As we pass the half-way mark of 2022, many are reflecting on their privacy compliance progress. One area that seems to be a constant battle is training. How much is needed? What kind of training? What are expectations from...more
In a recent letter to the UK law society, the UK Information Commissioner’s Office and the National Cyber Security Centre have provided lawyers with advice about ransomware payments...more