On June 20, 2025, the New York Child Data Protection Act (CDPA) took effect, ushering in some of the most comprehensive child and teen privacy protections in the United States. The law applies to operators of websites, apps,...more
6/24/2025
/ Advertising ,
Behavioral Advertising ,
Child Protection Laws ,
Congressional Committees ,
Connected Items ,
COPPA ,
Data Collection ,
Data Protection ,
Data Selling ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Minors ,
Mobile Apps ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
State Privacy Laws ,
Website Design ,
Websites
Life sciences companies have long been outside the scope of US national security regulations and benefited from significant exemptions under US privacy laws. ...more
4/15/2025
/ CFIUS ,
China ,
Clinical Trials ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Foreign Investment ,
Life Sciences ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
4/7/2025
/ China ,
Corporate Counsel ,
Cuba ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Foreign Investment ,
International Data Transfers ,
Iran ,
New Rules ,
North Korea ,
Personal Data ,
Personal Information ,
Regulatory Requirements ,
Russia ,
Sensitive Personal Information ,
Third-Party Risk ,
Third-Party Service Provider ,
Venezuela
Over the past decade, the hospitality industry has rapidly adopted intensive technologies to meet the rising expectations of guests, personalize each guest’s experience, and cultivate and enhance customer loyalty. Access to...more
9/25/2024
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Security ,
Data-Sharing ,
Hospitality Industry ,
Hotel Management Agreements ,
Hotels ,
Notice Requirements ,
Opt-Outs ,
Personal Data
Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town....more
On March 31, 2024, the Washington My Health My Data Act (MHMDA), a comprehensive consumer health privacy law, will come into force. Small businesses – defined as those processing consumer health data of fewer than 100,000...more
3/29/2024
/ Advertising ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Popular ,
Small Business ,
State Privacy Laws ,
Wellness Programs
On October 30, 2023, President Biden issued an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The EO establishes sweeping directives and priorities for federal...more
11/1/2023
/ Artificial Intelligence ,
Biden Administration ,
Civil Rights Act ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Procurement Systems ,
Intellectual Property Protection ,
Legislative Agendas ,
National Security ,
NIST ,
Popular ,
Proposed Legislation ,
Public Agencies ,
Regulatory Agenda ,
Semiconductors ,
Technology Sector
As the life sciences, medtech, and diagnostic industries continue to expand and grow increasingly complex, so does the legal, regulatory, and compliance landscape. To help companies and investors navigate the many evolving...more
10/2/2023
/ Biologics ,
Clinical Trials ,
Compliance ,
Diagnostic Tests ,
Draft Guidance ,
EU ,
European Medicines Agency (EMA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Manufacturers ,
Marketing ,
Medical Devices ,
Medicines and Healthcare Products Regulatory Agency (MHRA) ,
PDUFA ,
Pharmaceutical Industry ,
Prescription Drugs ,
Proposed Legislation ,
Public Consultations ,
Regulatory Oversight ,
Regulatory Requirements ,
UK
The European Data Protection Board (EDPB) recently published Minutes of its last plenary meeting held in September, which sheds light on how the EDPB plans to address the biggest open issue of the new Standard Contractual...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
8/27/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Transfers ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Impact Assessments ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
4/27/2021
/ Artificial Intelligence ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Distributors ,
EU ,
European Commission ,
Fines ,
Importers ,
Member State ,
Proposed Regulation ,
Recordkeeping Requirements ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the...more
On 15 January, 2021, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) adopted a joint opinion (“Joint Opinion”) on the draft new sets of Standard Contractual Clauses (“New...more
1/28/2021
/ Data Protection ,
EDPS ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000 for failing to notify the DPC promptly of a data breach affecting EU...more
1/20/2021
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EU ,
Failure to Notify ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Twitter
On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner (FDPIC) announced that it no longer considers the Swiss-U.S. Privacy Shield (Swiss Shield) to provide adequate protections for transfers of...more
In This Issue. The Office of the Comptroller of the Currency (OCC) proposed a rule that would establish that a national bank or federal savings association is the “true lender” of a loan if, as of the date of origination, the...more
7/23/2020
/ Banking Sector ,
Board of Directors ,
Board of Governors ,
Comment Period ,
Consumer Complaint Database ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Digital Assets ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
FDIC ,
Federal Reserve ,
Federal Savings Associations ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Interim Final Rules (IFR) ,
International Data Transfers ,
Lenders ,
Loan Agreements ,
Main Street Lending Programs ,
Nonprofits ,
OCC ,
Paycheck Protection Program (PPP) ,
Personal Data ,
Proposed Rules ,
Public Comment ,
Regulation Z ,
Request For Information
Today (July 16) Europe’s highest court, the Court of Justice of the European Union (CJEU), in the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II) invalidated the EU–U.S. Privacy...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Standard Contractual Clauses
The world is facing a significant public health crisis that requires a strong response and common approach. Governments and scientists around the world are relying on automated data processing and digital technologies as part...more
The Advocate General has issued an Opinion which states that the European Commission’s decision, enforcing the Standard Contractual Clauses (SCCs), is valid....more
On January 21, 2019, France’s data protection regulator (CNIL) imposed a €50 million fine on Google for violating core provisions of the European Union General Data Protection Regulation (GDPR). The action was initiated by...more
On November 16, 2018, the European Data Protection Board (Board) (comprised of EU member state data protection authorities), published draft guidelines on the territorial scope of the GDPR (Guidelines).The Guidelines provide...more
The clock is ticking and in less than a year the European Union (EU) General Data Protection Regulation (GDPR) will be in full force. Companies should be getting ready now in order to avoid hefty fines for violations (up to...more
7/27/2017
/ Benchmarking ,
Corporate Counsel ,
Data Breach ,
Data Mapping ,
Data Processing Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Popular ,
Privacy Notice Rule ,
Third-Party ,
Transparency ,
Young Lawyers