New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data -
On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
8/19/2024
/ Biometric Information Privacy Act ,
Data Protection ,
Enforcement ,
European Commission ,
European Parliament ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Illinois ,
Information Commissioner's Office (ICO) ,
Informed Consent ,
Minor Children ,
Personal Information ,
Settlement ,
Social Media ,
State Data Privacy Laws ,
Tracking Systems ,
UK
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
European Data Protection Board Publishes Strategy for 2024-27 -
The European Data Protection Board (“EDPB” - the EU body tasked with promoting consistency and cooperation in enforcement of the GDPR) has outlined its...more
5/6/2024
/ Artificial Intelligence ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Enforcement ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Machine Learning ,
Penalties ,
Personal Data ,
Reproductive Healthcare Issues ,
Transparency ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” -
On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
3/15/2024
/ Biden Administration ,
California ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Selling ,
Employee Monitoring ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
High-Risk Countries ,
NIST ,
Opt-Outs ,
Personal Data ,
Sensitive Personal Information ,
UK
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
FTC Announces Proposed Settlement with Data Aggregator over its Alleged Selling of Precise Location Data -
The Federal Trade Commission (“FTC”), on January 18, 2024, announced a proposed settlement with InMarket Media...more
FTC Settles with Rite Aid on its Use of AI and Processing of Biometric Information -
The Federal Trade Commission (“FTC”), on December 19, 2023, announced that it had reached a settlement with Rite Aid Corporation (“Rite...more
1/19/2024
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Brokers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Inventors ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-In ,
Patents ,
Rite Aid ,
Sensitive Personal Information ,
Settlement ,
UK
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
Clearview AI was issued with an enforcement action including a fine of around £7.5million and an order to delete certain data by the ICO for breaches of the UK GDPR in relation to its facial recognition data. The Tribunal...more
The UK has approved the UK-U.S. Data Bridge facilitating flows of personal data to U.S. entities that have self-certified to the EU-U.S. Data Privacy Framework (‘DPF’), provided that those entities extend their DPF...more
9/25/2023
/ Compliance ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Safe Harbors ,
Schrems I & Schrems II ,
UK ,
UK GDPR
FTC Settles with Experian for Alleged Customer Spamming -
On August 14, 2023, the Federal Trade Commission (“FTC”) announced a proposed settlement involving Experian Consumer Services (“Experian”). A federal court entered...more
9/1/2023
/ Artificial Intelligence ,
Biometric Information ,
CAN-SPAM Act ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity Summit ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Draft Guidance ,
Experian ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Risk Assessment ,
Settlement ,
Spam ,
UK ,
UK GDPR
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
EU institutions are aiming to reach an agreement on the final form AI Act through ongoing trilogue negotiations by the end of 2023.
The AI Act takes a risk-based approach and categorises AI systems into four risk levels:...more
On 10 July 2023, the European Commission announced a major development1 in EU-U.S. personal data transfer relations by adopting a long-anticipated adequacy decision2 for the EU-U.S. Data Privacy Framework (“DPF”). The...more
7/12/2023
/ Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Policies and Procedures ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Proposed EU-US Data Transfer Agreement Continues to Face Obstacles in Parliament -
As we reported in Issue 29 of Cyber Bits, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP...more
4/28/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
European Parliament ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers
The Proposed EU-U.S. Data Privacy Framework Faces Potential Obstacles -
On February 14, 2023, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP Committee”) released a draft opinion...more
A key pillar of the EU’s overhaul of the digital economy, the Digital Services Act (“DSA”), aims to harmonise rules for online intermediaries. It includes numerous new obligations for those businesses in scope which scale up...more
FBI Seizes Hive Ransomware Servers—Blocks US$130 Million in Demanded Ransoms -
On January 26, Attorney General Merrick Garland announced that the Department of Justice dismantled the “Hive” ransomware group, which had...more
2/3/2023
/ Biden Administration ,
Big Tech ,
California Consumer Privacy Act (CCPA) ,
Cookie Banners ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Extortion ,
FBI ,
Investigations ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Ransomware
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“EO”).
The EO lays ground for the long-awaited successor to the EU-U.S. Privacy...more
10/12/2022
/ Biden Administration ,
Civil Liberties ,
Data Privacy ,
Data Transfers ,
Department of Justice (DOJ) ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Executive Orders ,
International Data Transfers ,
National Intelligence Agencies ,
Schrems I & Schrems II ,
Standard Contractual Clauses