The enforcement marks a step-up in scrutiny and enforcement as new amendments to the CCPA are set to come into force Jan. 1, 2023 and as enforcement moves from the CA Attorney General to the new California Privacy Protection...more
The bill, still awaiting likely signature from Gov. Newsom, will go into effect July 1, 2024 and apply to any business offering online services or products to children.
The California Age-Appropriate Design Code Act...more
9/7/2022
/ Children's Online Games ,
COPPA ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement ,
Governor Newsom ,
Minors ,
Online Platforms ,
Penalties ,
Pending Legislation ,
Social Networks ,
Websites
Specifically, the group is alleging that websites are commonly using deceptive cookie banners that do not adhere to the GDPR’s express consent requirements.
In early August, the European Union data protection advocacy...more
While progress has been made in finalizing the text - language around state law preemption and the creation of a small business exception - passage remains unlikely as key-Democrats continue to withhold support and mid-term...more
The transfer mechanisms drive home China’s focus on data localization, as the measures all set forth cumbersome procedures and requirements, including security assessments and required contractual considerations. Despite...more
The proposed law - which is broadly applicable to most entities doing business in the United States - is the first real indication of bipartisan movement on data protection at the federal-level.
The House Committee on...more
7/6/2022
/ Consumer Privacy Rights ,
Covered Entities ,
Data Protection ,
Digital Services ,
Duty of Loyalty ,
EU ,
Federal Data Privacy ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation ,
Sensitive Personal Information ,
Stored Communications Act
Beginning next summer, business that meet certain thresholds must comply with the Connecticut law, including several - now common place - individual privacy rights and a requirement to obtain opt-in consent before processing...more
The proposed Digital Services Act will require online services (including social media platforms, search engines, and marketplaces) to implement policies and procedures aimed at increasing transparency and combatting illegal...more
5/6/2022
/ Anti-Competitive ,
Competition ,
Compliance ,
Compliance Dates ,
Digital Media ,
Digital Services ,
EU ,
European Parliament ,
Internet Retailers ,
Member State ,
Monopolization ,
Online Marketplace ,
Online Platforms ,
Pending Legislation ,
Social Media ,
Transparency
Entities facing significant legal risk, no matter the circumstances, if they make ransom payments to attackers connected to, or originating from Russia.
As the Russian invasion of Ukraine continues, the U.S. government...more
4/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Economic Sanctions ,
FinCEN ,
Foreign Relations ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Russia ,
Ukraine
The Executive Order calls for exploring a U.S. Central Bank Digital Currency and regulatory measures that protect consumers, businesses, and global financial stability.
On March 9, 2022, President Biden signed a sweeping...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements.
On March 25, the U.S. and E.U....more
4/6/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Intergovernmental Agreements ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours.
On March 15, President Biden signed...more
The amended law comes into effect in April and covers new categories of personal information, including personal-related information and sensitive personal information.
In June 2021, Japan enacted an amendment to its privacy...more
The new mechanisms, which are likely to pass Parliament, will become effective on March 21, 2022 and will require businesses and organizations to review existing and new contracts.
The Information Commissioner’s Office...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. They largely follow in the footsteps of the California Consumer Privacy Act that took effect in 2018. The new laws...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. Additionally, several other countries have taken steps to implement or shore up their own privacy and data...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement.
In late December, the Austrian Data...more
2/3/2022
/ Analytics ,
Austria ,
Binding Corporate Rules ,
Cookies ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
FISA ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The brief FTC note indicates the agency will look to combat poor security practices, protect against the misuse of personal information, and discrimination arising from algorithmic decision-making.
Last month, the...more
1/21/2022
/ Algorithms ,
Congressional Committees ,
Consent ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Personal Information ,
Privacy Concerns ,
Proposed Rules ,
Rulemaking Process ,
Unfair or Deceptive Trade Practices
Banking organizations must notify the appropriate agency within 36 hours of certain computer-security incidents; and banking service providers must notify affected banking organizations as soon as possible in the event of an...more
12/22/2021
/ Banking Sector ,
CFTC ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
FDIC ,
Federal Reserve ,
Financial Services Industry ,
Notice Requirements ,
OCC ,
Popular ,
Securities and Exchange Commission (SEC)
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach.
In early November, pension funds and...more
12/7/2021
/ Board of Directors ,
Breach of Duty ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Duty of Care ,
Duty of Loyalty ,
False Claims Act (FCA) ,
Federal Contractors ,
Fiduciary Duty ,
Good Faith ,
Home Depot ,
Institutional Investors ,
Marriott ,
Material Misstatements ,
Pension Funds ,
Popular ,
Security Breach ,
Shareholder Litigation ,
Shareholders ,
SolarWinds ,
Yahoo!
As drafted the new measures specify security assessment and contract requirements but leave ample room for Chinese authorities to heavily restrict cross-border data transfers.
At the end of October, China’s top privacy...more
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements.
On October 27th the Federal Trade Commission (“FTC”) adopted and published...more
11/11/2021
/ Customer Information ,
Cybersecurity ,
Data Security ,
Equifax ,
Exemptions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Regulatory Requirements ,
Safeguards Rule