This year has brought significant movement and trends in minors’ privacy legislation on both the state and federal levels. We recap the notable developments below.Continue Reading State and Federal Developments in Minors’ Privacy in 2024
Diana Lee
Diana Lee is an associate in the technology regulatory group. She counsels clients on a range of regulatory and litigation matters involving electronic surveillance, government demands for data, national security, and data privacy and cybersecurity issues, with a particular focus on cross-border and multi-jurisdictional concerns.
Before rejoining the firm, Diana clerked for the Honorable Victor A. Bolden on the U.S. District Court for the District of Connecticut.
Diana is a member of the Bars of New York and the District of Columbia.
U.S. Senate Passes SHIELD Act to Criminalize Distribution of Private Intimate Images Online
On July 10, 2024, the U.S. Senate passed the Stopping Harmful Image Exploitation and Limiting Distribution (“SHIELD”) Act, which would criminalize the distribution of private sexually explicit or nude images online. Continue Reading U.S. Senate Passes SHIELD Act to Criminalize Distribution of Private Intimate Images Online
U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting Obligations
On December 14, 2023, the U.S. Senate passed the Revising Existing Procedures on Reporting via Technology (“REPORT”) Act (S. 474), which, among other provisions, would impose new obligations on providers to report additional categories of online child sexual abuse material (“CSAM”) under 18 U.S.C. § 2258A. Continue Reading U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting Obligations
European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework
On July 10, 2023, the European Commission adopted its adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The decision, which took effect on the day of its adoption, concludes that the United States ensures an adequate level of protection for personal data transferred from the EEA to companies certified to the DPF. This blog post summarizes the key findings of the decision, what organizations wishing to certify to the DPF need to do and the process for certifying, as well as the impact on other transfer mechanisms such as the standard contractual clauses (“SCCs”), and on transfers from the UK and Switzerland.Continue Reading European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework
State, Federal, and Global Developments in Children’s Privacy, Q1 2023
This year has been off to a busy start with respect to children’s and minors’ privacy legislation efforts. We wanted to take a moment to recap the latest developments across the board.
The most notable trend of the year thus far has been the widespread introduction of Age Appropriate Design Codes. Ten states have thus…
EDPB Releases its Opinion on the Proposed EU-U.S. Data Privacy Framework
On February 28, 2023, the European Data Protection Board (“EDPB”) released its non-binding opinion on the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The adequacy decision, once formally adopted, will establish a new legal basis by which organizations in the EU (as well as the three EEA states of Iceland, Liechtenstein, and Norway) may lawfully transfer personal data to the U.S., provided that the recipient in the U.S. certifies to and abides by the terms of the DPF (see our previous blogpost here).
The Commission sought the EDPB’s opinion pursuant to Article 71(1)(s) of the GDPR. The EDPB welcomes the fact that elements of the DPF represent a substantial improvement over the Privacy Shield, which was annulled by the EU Court of Justice (“CJEU”) in Schrems II (see our previous blogpost here). Nonetheless, the EDPB notes some concerns and seeks clarification on certain aspects of the DPF from the Commission. For example, the EDPB welcomes the establishment of a specific mechanism by which non-U.S. persons may seek redress for certain U.S. government surveillance of their personal data, but calls on the Commission to closely monitor the implementation of this mechanism in practice.Continue Reading EDPB Releases its Opinion on the Proposed EU-U.S. Data Privacy Framework
European Commission Releases Draft Adequacy Decision on the EU-U.S. Data Privacy Framework
On December 13, 2022, the European Commission released its draft adequacy decision on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), which, once formally adopted, would recognize that the United States ensures an adequate level of protection for personal data transferred from the EU to organizations certified under the EU-U.S. DPF. The draft decision follows the issuance of Executive Order 14086 on Enhancing Safeguards for U.S. Signals Intelligence Activities (“EO 14086”) by President Biden on October 7, 2022 (see our previous blog post here), and the political agreement reached between the EU and the U.S. in March 2022 (see our previous blog post here).
As many had expected, the draft adequacy decision assesses the limitations and safeguards relating to the collection and subsequent use of personal data transferred to controllers and processors in the United States by U.S. public authorities. In particular, the draft decision assesses whether the conditions under which the U.S. government may access data transferred to the United States fulfill the “essential equivalence” test pursuant to Article 45(1) of the GDPR, as interpreted by the Court of Justice of the European Union (“CJEU”) in Schrems II (see our previous blog post here). Continue Reading European Commission Releases Draft Adequacy Decision on the EU-U.S. Data Privacy Framework
President Biden Signs Executive Order to Implement EU-U.S. Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order directing the steps that the United States will take to implement its commitments under the new EU-U.S. Data Privacy Framework. The framework was announced by the U.S. and the EU Commission in March 2022, after reaching a political agreement in principle (see our blog post…