On June 20, 2025, the New York Child Data Protection Act (CDPA) took effect, ushering in some of the most comprehensive child and teen privacy protections in the United States. The law applies to operators of websites, apps,...more
6/24/2025
/ Advertising ,
Behavioral Advertising ,
Child Protection Laws ,
Congressional Committees ,
Connected Items ,
COPPA ,
Data Collection ,
Data Protection ,
Data Selling ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Minors ,
Mobile Apps ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
State Privacy Laws ,
Website Design ,
Websites
Life sciences companies have long been outside the scope of US national security regulations and benefited from significant exemptions under US privacy laws. ...more
4/15/2025
/ CFIUS ,
China ,
Clinical Trials ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Foreign Investment ,
Life Sciences ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
4/7/2025
/ China ,
Corporate Counsel ,
Cuba ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Foreign Investment ,
International Data Transfers ,
Iran ,
New Rules ,
North Korea ,
Personal Data ,
Personal Information ,
Regulatory Requirements ,
Russia ,
Sensitive Personal Information ,
Third-Party Risk ,
Third-Party Service Provider ,
Venezuela
Over the past decade, the hospitality industry has rapidly adopted intensive technologies to meet the rising expectations of guests, personalize each guest’s experience, and cultivate and enhance customer loyalty. Access to...more
9/25/2024
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Security ,
Data-Sharing ,
Hospitality Industry ,
Hotel Management Agreements ,
Hotels ,
Notice Requirements ,
Opt-Outs ,
Personal Data
Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town....more
On March 31, 2024, the Washington My Health My Data Act (MHMDA), a comprehensive consumer health privacy law, will come into force. Small businesses – defined as those processing consumer health data of fewer than 100,000...more
3/29/2024
/ Advertising ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Popular ,
Small Business ,
State Privacy Laws ,
Wellness Programs
In a sweeping, coordinated effort across federal agencies, the US government has taken a giant leap forward to prevent access to data that could be exploited to the detriment of national security. On February 28, 2024,...more
3/8/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Bureau of Industry and Security (BIS) ,
CFIUS ,
China ,
Covered Person ,
Covered Transactions ,
Cuba ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Iran ,
North Korea ,
Office of Foreign Assets Control (OFAC) ,
Personal Data ,
Prohibited Transactions ,
Russia ,
Sensitive Personal Information ,
Venezuela
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-US Data Privacy Framework (“DPF”), the revamped transatlantic framework designed to support transfers of personal data from the EU to...more
7/19/2023
/ Adequacy Requirement ,
Binding Corporate Rules ,
Certification Requirements ,
Data Privacy ,
EU ,
Executive Orders ,
Framework Agreement ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Standard Contractual Clauses ,
Switzerland ,
UK
Generative AI models access vast pools of information from a wide variety of sources, including information users add in prompts. This can include private or sensitive information, which may be used without consent and may be...more
On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal...more
The metaverse will bring many benefits, but it is also likely to multiply and compound privacy issues, particularly given its global nature.
With the advent of the commercial internet in the 1990s, organizations were...more
10/19/2022
/ Artificial Intelligence ,
Augmented Reality ,
Biometric Information ,
Blockchain ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
Internet ,
Metaverse ,
Personal Data ,
Popular ,
Privacy Concerns ,
State Privacy Laws ,
Tracking Systems ,
Virtual Reality
On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence...more
10/10/2022
/ Administrative Review Board ,
Biden Administration ,
Civil Liberties ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance
On 25 March 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the U.S. and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for...more
3/30/2022
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses