The European Union (EU) adopted Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (the “DORA Regulation”) in January 2023.
The DORA Regulation seeks to establish a harmonised digital...more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more
The National Institute for Standards and Technology (NIST) recently unveiled the first version of its Artificial Intelligence Risk Management Framework (AI RMF 1.0, or “Framework”). This highly anticipated and detailed...more
On February 10, 2023, the California Privacy Protection Agency (CPPA) issued an invitation for public commentary on the topics that will be included in their future rulemaking: cybersecurity audits, risk assessments and...more
On February 1, 2023, the Federal Trade Commission (FTC) announced that it had taken enforcement action against prescription drug discount company GoodRx, which agreed to injunctive relief and to pay a $1.5 million civil...more
Key Points -
The 9th Circuit, disagreeing again with the 2nd, 3rd, 5th, 6th, and 11th Circuits, reaffirmed that claims under Section 14(e) of the Exchange Act do not require a showing of scienter.
In the 9th...more
On Tuesday, December 13, the European Commission initiated its long-awaited process towards the adoption of an adequacy decision for the European Union (EU)-U.S. Data Privacy Framework (EU-U.S. DPF), which aims to address the...more
Over the last several years, the class action bar has targeted companies in a wave of putative class actions under state “right of publicity” statutes. Although they vary some around the edges, these statutes generally seek...more
Key Points -
Over the last several years, the class action bar has targeted companies in a wave of putative class actions under state “right of publicity” statutes. Although they vary some around the edges, these statutes...more
On November 3, 2022, the California Privacy Protection Agency (CPPA) officially published modifications to the proposed regulations implementing the Consumer Privacy Rights Act (CPRA). These modified proposed regulations...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
11/3/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular
Issued by the White House Office of Science and Technology Policy (OSTP) on October 4, 2022, the “Blueprint for an AI Bill of Rights” is the Biden-Harris administration’s seminal work on its vision for the future of...more
Key Points -
President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
10/20/2022
/ Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers
Key Points -
This September, California Gov. Gavin Newsom signed AB 587 into law, establishing new transparency requirements for social media companies. The new requirements include publicly posting and submitting to the...more
On August 29, 2022, the California Senate passed the landmark Assembly Bill 2273, which would enact the California Age-Appropriate Design Code Act (the “Act”). If signed into law by Governor Newsom, the Act could have...more
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
Key Points -
As part of the antitrust agencies’ public commitment to investigate and prosecute competitive harm in labor markets, the DOJ Antitrust Division fined three major U.S. poultry processors and a data consulting...more
8/22/2022
/ Antitrust Division ,
Antitrust Violations ,
Data Privacy ,
Department of Justice (DOJ) ,
Employer Liability Issues ,
Hart-Scott-Rodino Act ,
Poultry ,
Sherman Act ,
State Data Privacy Laws ,
Wage and Hour ,
Wage-Fixing
The UK government has recently published a Policy Paper setting out its early proposals for what the UK’s regulatory framework in respect of artificial intelligence (AI) might look like (the “Framework”). This follows the...more
On Tuesday, the Department of Justice (DOJ) released its Comprehensive Cyber Review report (the “Review”) summarizing its review of the Department’s cyber-related activities and its recommendations around the Department’s...more
Key Points -
The European Parliament has reached agreement on new legislation to require certain providers of online services to comply with new obligations in order to ensure online safety and to prevent the spread of...more
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
The Equal Employment Opportunity Commission (EEOC) recently released guidance to help private sector employers avoid disability discrimination when using algorithms to assess employees and applicants. The guidance explains...more
6/27/2022
/ Algorithms ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Civil Rights Act ,
Disability ,
Disability Discrimination ,
Employer Liability Issues ,
Employment Litigation ,
Equal Employment Opportunity Commission (EEOC) ,
New Guidance ,
Reasonable Accommodation ,
Title VII
Key Points -
Three of the four bipartisan leaders of the House and Senate committees with jurisdiction over data privacy have struck a deal on a comprehensive federal bill, the American Data Privacy and Protection Act,...more
The Connecticut Data Privacy Act (CTDPA), which will go into effect July 1, 2023, is now the fifth and latest comprehensive state consumer privacy law, giving companies doing business in the state less than two years to...more
The Federal Trade Commission (FTC) reached a settlement with weight loss company WW International (formerly known as Weight Watchers) requiring the company to pay a $1.5 million penalty, delete the personal information of...more