The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down....more
11/7/2024
/ COPPA ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
First Amendment ,
Florida ,
Legislative Agendas ,
Online Safety for Children ,
Parental Consent ,
Privacy Laws ,
Regulatory Agenda ,
Social Media ,
State Legislatures ,
State Privacy Laws
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that...more
11/1/2024
/ Accessibility Rules ,
Data Collection ,
Data Privacy ,
Data Protection ,
e-Privacy Directive ,
Electronically Stored Information ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
New Guidance ,
Privacy Laws ,
Technology ,
Tracking Systems
The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few...more
10/30/2024
/ Artificial Intelligence ,
California ,
Data Security ,
Disclosure ,
Entertainment Industry ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Robocalling ,
State and Local Government ,
State Privacy Laws ,
Transparency
The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last...more
10/29/2024
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Incident Response Plans ,
New York ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws
The FTC’s staff report summarizes how it views the operations of social media and video streaming companies. Of particular interest is the insight it gives into potential enforcement focus in the coming months, and into 2025....more
California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural...more
Those tracking CIPA litigation are familiar with the recent decision holding in favor of a company whose site had an online chat operated by a vendor. The court in that case held (1) that the company had not violated the...more
California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites....more
Malaysia is in the process of updating its Personal Data Protection Act to align more closely with laws in other jurisdictions. The law was originally passed in 2010 and then modified this year. As part of the modification...more
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join...more
9/24/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Wondering what the requirements are for transferring personal information out of Brazil? Under the country’s Data Protection Law, extra-territorial transfers of personal information are regulated in much the same way as in EU...more
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on...more
Verkada, a manufacturer and retailer of security cameras, has settled FTC accusations of lax security measures. The company sells its products to businesses, including schools and medical facilities. It markets its products...more
The New York Attorney General’s office and the UK Information Commissioner’s Office were busy last month when it came to children’s privacy. Both sought input from the public about regulating children’s online privacy,...more
A biotech company recently settled with three AGs over allegations that it had failed to protect consumer information. According to the AGs of Connecticut, New York and New Jersey, this led to a 2023 data incident. The...more
8/28/2024
/ Data Breach ,
Data Protection ,
Data Security ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
New York ,
Policies and Procedures ,
Privacy Laws ,
Settlement ,
State Attorneys General ,
State Privacy Laws
Illinois recently updated its employment law, the Illinois Human Rights Act to prohibit discriminatory uses of AI. Artificial intelligence as defined by the amendment will cover generative artificial intelligence, not just...more
New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how...more
8/23/2024
/ Consumer Protection Laws ,
Cookies ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet Privacy ,
New Guidance ,
New York ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices ,
Web Tracking ,
Websites
The Children’s Advertising Review Unit recently settled with KidGeni – a generative art platform intended for children- for allegedly violating both CARU’s guidelines and COPPA. According to CARU, which is a self-regulatory...more
8/19/2024
/ Artificial Intelligence ,
CARU ,
Class Action ,
COPPA ,
Data Collection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Privacy Laws
As we enter the end of the summer, the AI regulatory steam is not slowing down. Colorado is now the first US state to have a comprehensive AI law (going into effect February 1, 2026), and the EU published its sweeping AI law...more
8/14/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Colorado ,
Computer Programmers ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Non-Discrimination Rules ,
Popular ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Software Developers
The amendment to the Colorado Privacy Act, expanding the scope of sensitive data, goes into effect August 6, 2024. The law will now include as sensitive information biological data that is used for identification purposes....more
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
8/2/2024
/ Cell Phones ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Information Security ,
Privacy Laws ,
Settlement ,
Telecommunications ,
TracFone Wireless ,
Wireless Devices ,
Wireless Industry
In its ongoing concern with “dark patterns,” the FTC recently announced results of two reviews of sites and apps purportedly engaging in the practice. As a reminder, the FTC views as “dark patterns” practices or web designs...more
Indiana recently amended its breach notification law to include as personal information age verification information collected by adult websites. At the same time, the state passed a new law for adult websites...more
In what may become an annual tradition, Pennsylvania has amended its breach notification law. The new provisions will take effect on September 26, 2024. As a reminder, Pennsylvania changed its law last year to expand the...more