On 21 May 2024 the Council of the European Union (EU) announced the final approval of the landmark EU Artificial Intelligence Act (AI Act or Act). As previously highlighted (see our December 2023 alert), the AI Act is a first...more
5/24/2024
/ Artificial Intelligence ,
Data Collection ,
Enforcement ,
Ethics ,
EU ,
Facial Recognition Technology ,
Final Rules ,
Information Governance ,
OECD ,
Penalties ,
Risk Management ,
Sensitive Personal Information ,
Supply Chain ,
Transparency
On January 16, 2024, New Jersey became the first state to enact a comprehensive data privacy law in the new year, with Gov. Phil Murphy (D-NJ) signing the New Jersey Privacy Act (NJPA) (SB 332) into law. The New Jersey law...more
2/14/2024
/ Confidential Information ,
Consent ,
Data Collection ,
Data Protection ,
Data Security ,
DPPA ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
New Jersey ,
Opt-In ,
Opt-Outs ,
Sensitive Personal Information ,
State Privacy Laws ,
Subcontractors
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
12/4/2023
/ Artificial Intelligence ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Executive Orders ,
Legislative Agendas ,
Machine Learning ,
National Security ,
New Legislation ,
NIST ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
As state-level data protection legislation steadily expands, one of the country’s early comprehensive privacy laws to be enacted, the Connecticut Data Privacy Act (CTDPA), will take effect on July 1, 2023. The CTDPA imposes...more
The Illinois Supreme Court issued a pair of decisions related to the Illinois Biometric Information Privacy Act (BIPA) that continue to ratchet up compliance pressure on businesses. On February 17, 2023, the Illinois Supreme...more
On August 29, 2022, the California Senate passed the landmark Assembly Bill 2273, which would enact the California Age-Appropriate Design Code Act (the “Act”). If signed into law by Governor Newsom, the Act could have...more
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
The Connecticut Data Privacy Act (CTDPA), which will go into effect July 1, 2023, is now the fifth and latest comprehensive state consumer privacy law, giving companies doing business in the state less than two years to...more
The Federal Trade Commission (FTC) reached a settlement with weight loss company WW International (formerly known as Weight Watchers) requiring the company to pay a $1.5 million penalty, delete the personal information of...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
Colorado requires businesses to take reasonable steps to protect consumer data under both the Colorado Consumer Protection Act and its landmark new data privacy law, the Colorado Privacy Act (CPA). The CPA comes into force on...more
On February 17, 2022, the California Privacy Protection Agency (CPPA) Board held its first Board meeting of 2022. Notably, CPPA Executive Director Ashkan Soltani delivered an update on the CPPA’s rulemaking activities and...more
On January 28, 2022, the California Attorney General (AG) announced an “investigative sweep” of businesses operating loyalty programs in the state, which it launched by sending multiple businesses notice of noncompliance with...more
Public comments to recently published regulations governing compliance with the California Privacy Rights Act (CPRA) show that stakeholders sharply disagree on multiple areas of the CPRA. Seventy submissions totaling nearly...more
A number of important new privacy law developments arrived in the month of August, chiefly enactment of the new Illinois Protecting Household Privacy Act, which restricts law enforcement access to data collected from the home...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
In an unusual departure from prior settlements, the Federal Trade Commission (FTC) has required a company to delete the facial recognition algorithm that was allegedly developed using improperly obtained user consent....more
In August, Viacom and a number of other app developers and ad-tech companies reached a settlement with parents who had alleged that the companies were illegally selling children’s personal information for behavioral...more
12/7/2020
/ Advertising ,
App Developers ,
Behavioral Advertising ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Settlement Agreements ,
State Law Claims ,
State Privacy Laws ,
Unfair Competition Law (UCL)
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
The California Attorney General surprised companies by issuing new guidance for the California Consumer Privacy Act (CCPA) compliance, reflecting likely compliance missteps by companies. On Tuesday October 12, 2020, the...more
10/16/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General