On January 16, 2025, the Federal Trade Commission (FTC) published its Final Rule officially adopting updates to the Children’s Online Privacy Protection Act (COPPA). For a comprehensive overview of these changes, be sure to...more
The U.S. Department of Justice (DOJ) has issued a final rule that significantly restricts the transfer of bulk sensitive personal data and government-related data to certain foreign entities deemed countries of concern....more
Overview -
In 2024, lawsuits targeting companies for their use of commonly deployed digital tracking technologies, such as pixels, and session replay tools proliferated. Frequently used on apps and websites, tracking...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
With increasing scrutiny on how companies handle personal data of children under 18, several new laws are reshaping the legal landscape. Even companies that may not intend to direct their services to children still need to be...more
Companies frequently wish to record telephone conversations related to their operations, customers, or business transactions. In response, the U.S. Congress and most state legislatures have enacted statutes and regulations...more
Companies frequently wish to record telephone conversations related to their operations, customers, or business transactions. In response, the U.S. Congress and most state legislatures have enacted statutes and regulations...more
General Background -
On May 17, 2024, Governor Jared Polis of Colorado enacted the Colorado Artificial Intelligence (AI) Act (CAIA), marking a significant milestone as what its sponsor calls a “chassis,” an initial...more
In an era where digital privacy is increasingly under threat, the recent deepfake incident involving the globally renowned artist, Taylor Swift, has catapulted the issue of nonconsensual pornography to center stage. This...more
The California Privacy Protection Agency (the “Agency”) may start enforcing privacy regulations according to a recent decision from the California Third District Court of Appeal. The privacy regulations at issue stem from the...more
The Colorado Department of Law has published its Universal Opt-Out Shortlist under the Colorado Privacy Act (“CPA”). This is eagerly awaited guidance for organizations who are subject to the CPA as the guidance provides...more
On December 8, 2023, the EU announced that Parliament and Council negotiators “had reached a provisional agreement on the Artificial Intelligence Act.” Negotiators had been under pressure to resolve differences to maintain...more
Privacy impact assessments (PIAs) and/or data protection impact assessments (DPIAs) have formed the practical basis for evaluating initiatives involving personal data in order to comply with various legal requirements for...more
With the passage of numerous comprehensive state laws, many U.S. companies are now subject to a formal requirement to complete a Privacy Impact Assessment (“PIA”). While the various state and international PIA requirements...more
On October 30, 2023, the Biden-Harris Administration issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “EO”) in an effort to advance American leadership and...more
Generative artificial intelligence (“GenAI”) and GenAI tools like ChatGPT have a significant opportunity to revolutionize how many organizations do business. GenAI tools allow users to brainstorm ideas, quickly generate...more
In March of this year, we wrote about “secondary use” consent requirements under the CCPA and Colorado’s CPA. Since that post, the number of U.S. state privacy laws has roughly doubled. Determining consent requirements under...more
Kilpatrick Townsend’s Meghan Farmer, Alex Borovsky, Jennie Cunningham, and Zain Haq recently presented “Navigating the New Data Privacy Landscape” at an event sponsored by the Association of Corporate Counsel Nation Capital...more
Kilpatrick Townsend’s Meghan Farmer, Alex Borovsky, Jennie Cunningham, and Zain Haq recently presented “Navigating the New Data Privacy Landscape” at an event sponsored by the Association of Corporate Counsel Nation Capital...more
While there is no comprehensive, federal United States law governing privacy, there are several major state laws that are currently in place. To help our clients assess their compliance posture, we have published a quick,...more
3/16/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
The Argentine Data Protection Authority recently issued a new regulation approving two sets of model contractual clauses (controller-to-controller and controller-to-processor) for the international transfer of personal data....more
As 2016 has come to a close, now is a good time to take stock of new disclosure obligations for website privacy policies introduced over the course of the year. It is likely that if your company’s privacy policy has not been...more
Yesterday the European Commission released a draft “adequacy decision” on the protection provided by the EU-U.S. Privacy Shield together with the texts that will constitute the EU-U.S. Privacy Shield framework. Once adopted...more
3/1/2016
/ Complaint Procedures ,
Contract Terms ,
Corporate Counsel ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Popular ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework ,
Young Lawyers