Key Points - Colorado’s new AI law creates new obligations for developers and deployers of high-risk artificial intelligence (AI) systems. Similar to the EU AI Act, the law is risk-based and defines a “high-risk” AI system as...more
5/28/2024
/ Algorithms ,
Artificial Intelligence ,
Colorado ,
Consumer Protection Laws ,
Disclosure Requirements ,
Documentation ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
Proposed Legislation ,
Risk Assessment ,
Risk Management ,
Transparency ,
Watershed
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On January 16, 2024, New Jersey became the first state to enact a comprehensive data privacy law in the new year, with Gov. Phil Murphy (D-NJ) signing the New Jersey Privacy Act (NJPA) (SB 332) into law. The New Jersey law...more
2/14/2024
/ Confidential Information ,
Consent ,
Data Collection ,
Data Protection ,
Data Security ,
DPPA ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
New Jersey ,
Opt-In ,
Opt-Outs ,
Sensitive Personal Information ,
State Privacy Laws ,
Subcontractors
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
The European Commission recently published two highly anticipated draft documents to facilitate data transfers. The first was the new, updated and modernised standard contractual clauses (“New SCCs”) for the transfer of...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Medical device and diagnostics companies and laboratories should anticipate significant legal, regulatory and market changes in 2020 that will have a lasting impact on the industry. From revisions to how the government...more
1/8/2020
/ Acquisitions ,
Artificial Intelligence ,
Biotechnology ,
Centers for Medicare & Medicaid Services (CMS) ,
CFIUS ,
Department of Health and Human Services (HHS) ,
Digital Health ,
EU ,
Export Controls ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Innovation ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Mergers ,
Office of Foreign Assets Control (OFAC) ,
Patent-Eligible Subject Matter ,
Pharmaceutical Industry ,
Popular ,
Section 101 ,
USPTO
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular
On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
2/21/2019
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
International Data Transfers ,
Proposed Guidance
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information