The Food and Drug Administration recently sought comments on the role of transparency for artificial intelligence and machine learning-enabled medical devices. The FDA invited comments in follow up to a recent workshop on the...more
11/23/2021
/ Artificial Intelligence ,
Digital Health ,
EU ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Patients ,
Popular ,
Privacy Laws ,
Transparency
The Office of the Australian Information Commissioner issued a determination earlier this fall about 7-Eleven’s use of “faceprints.” The OAIC found the convenience store improperly collected faceprint information without...more
The SEC’s enforcement action with a leading seller of market data (App Annie Inc.) signals its concern with misleading data use representations. While the data at issue was not “personally identifiable” information, but...more
The Chinese agency charged with implementing and enforcing the new Personal Information Protection Law has issued draft measures for cross-border data transfers. Comments are due by November 28. As we detailed previously, the...more
The Federal Trade Commission recently issued a new enforcement policy statement about “dark patterns:” programs that attempt to “trap” consumers into service contracts. These programs usually take the form of negative option...more
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The...more
10/18/2021
/ Amended Legislation ,
Biometric Information ,
California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Healthcare ,
Personal Information ,
Privacy Laws
New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information...more
9/29/2021
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
New York ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Restaurant Industry ,
State and Local Government
The FTC recently settled with a surveillance app operator over allegations that the company facilitated the secret harvesting of personal information. According to the FTC, the main users of Support King, LLC’s “SpyFone” app...more
Baltimore recently prohibited several uses of “face surveillance” technology. Under the new law companies cannot use systems that identify or verify individuals based on their face. The law also prohibits saving information...more
Companies are struggling to understand how to comply with rapidly changing and sometimes conflicting privacy obligations. For entities outside of the US seeking to do business in the States, approaching and understanding the...more
The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more
The California attorney general has created a tool for consumers to report situations where companies sell information but do not have an opt-out of sale link on their website. The release of the tool came at the same time as...more
Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s...more
7/14/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Consumer Privacy Rights ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Liability ,
New Legislation ,
Privacy Laws ,
State and Local Government
Providing business teams with advice for sending text messages can be nothing short of frustrating. For businesses used to sending email marketing, the laws for texting are unexpected. Unlike the CAN-SPAM Act, TCPA requires...more
5/5/2021
/ Advertising ,
ATDS ,
Auto-Dialed Calls ,
CAN-SPAM Act ,
Consent ,
Email ,
Facebook Inc v Duguid ,
Marketing ,
Privacy Laws ,
TCPA ,
Telecommunications ,
Telemarketing ,
Text Messages
The new acting FTC chair, Rebecca Kelly Slaughter, recently signaled that the FTC may increase enforcement and penalties in the privacy and data security realm. Slaughter pointed to several areas of focus for the FTC this...more
Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s...more
Artificial intelligence continues to be a focus and concern for businesses, regulators, and lawmakers alike. As we recently wrote, there was much activity and focus on artificial intelligence and the impact on privacy laws....more
One of the methods US and EU companies rely on most frequently for the transfer of personal data from the EU to the US are standard contractual clauses. For the method to be acceptable as a valid basis for transfer of...more
12/1/2020
/ Consumer Privacy Rights ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Laws ,
SCC ,
Standard Contractual Clauses
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
As we wrote previously, kids are spending more of their days online and are using online platforms for virtual learning and entertainment. Much of this environment is funded through online advertising. All companies thus need...more
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
The EDPB has provided input about consent in its recent FAQs responding to the Schrems II invalidation of Privacy Shield. As we wrote about previously in this series, Schrems II impacted how companies transfer data from the...more
8/3/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
As companies brace for the impact of COVID-19, the last thing on everyone’s mind may be proactive privacy compliance obligations. Certainly, companies may be thinking about privacy obligations that relate specifically to...more
As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are...more
Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and...more