Archives: Data

Subscribe to Data RSS Feed

Florida Legislature Considering Comprehensive Privacy Law

Florida may be next state to join the growing number of states with a consumer privacy law, as both chambers of Florida’s legislature are currently considering comprehensive state privacy legislation.  Both HB 969 and SB 1734 resemble the California Consumer Privacy Act (“CCPA”), though they contain some notable differences.  Florida Governor Ron DeSantis expressed support … Continue Reading

SMARTWATCH Act and AHRQ’s Inquiry

Two recent actions by lawmakers are intended to address certain uses of technology in health. First, two Senators have introduced a bipartisan bill related to the collection and use of identifiable health data from wearable health trackers.  Second, following an appeal from Democratic lawmakers, the Agency for Healthcare Research and Quality (“AHRQ”) plans to review … Continue Reading

Inside Privacy Audiocast: Episode 9 – China’s Approach to Data Protection

On the ninth episode of our Inside Privacy Audiocast, we peer through the looking glass at China’s approach to data protection and the latest developments in its emerging data protection and cybersecurity regime. Dan Cooper, Yan Luo and Zhijing Yu discuss the variety of legal instruments in China’s quickly-evolving data protection and cybersecurity regulatory landscape, and how these … Continue Reading

California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations

Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.… Continue Reading

The European Commission publishes a proposal for a Regulation on European Data Governance (the Data Governance Act)

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog … Continue Reading

EDPB adopts recommendations on international data transfers following Schrems II decision

On 11 November 2020, the European Data Protection Board (“EDPB”) issued two draft recommendations relating to the rules on how organizations may lawfully transfer personal data from the EU to countries outside the EU (“third countries”).  These draft recommendations, which are non-final and open for public consultation until 30 November 2020, follow the EU Court … Continue Reading

Coordinated OFAC and FinCEN Guidance on Ransomware Attacks Underscores the Regulatory Risk and Complexity of Paying a Ransom

Consistent with the U.S. Department of the Treasury’s ongoing focus on cyber-enabled financial crime, on October 1, 2020, two components of the Treasury Department’s Office of Terrorism and Financial Intelligence issued guidance on ransomware-related payments.  One, an advisory issued by the Office of Foreign Assets Control (“OFAC”), describes the significant U.S. sanctions risks of facilitating … Continue Reading

AI Update: EU High-Level Working Group Publishes Self Assessment for Trustworthy AI

On July 17, 2020, the High-Level Expert Group on Artificial Intelligence set up by the European Commission (“AI HLEG”) published The Assessment List for Trustworthy Artificial Intelligence (“Assessment List”). The purpose of the Assessment List is to help companies identify the risks of AI systems they develop, deploy or procure, and implement appropriate measures to … Continue Reading

China Issued the Draft Data Security Law

On July 2, 2020, the Standing Committee of the National People’s Congress of China (“NPC”) released the draft Data Security Law (“Draft Law”) for public comment.  The release of the Draft Law marks a step forward in establishing a regulatory framework for the protection of broadly defined “data security” in China, with a particular focus … Continue Reading

China Issued the Commercial Encryption Product Certification Catalogue and Certification

On May 11, 2020, the State Cryptography Administration (“SCA”) and the State Administration for Market Regulation jointly issued the Commercial Encryption Product Certification Catalogue (First Batch) (“Product Catalogue”) and the Commercial Encryption Product Certification Measures (“Certification Measures”) (the announcement is available here), taking effect immediately.   Prior to the adoption of the Encryption Law (see … Continue Reading

European Commission’s plans on data and Europe’s digital future (Part 3 of 4)

On 19 February 2020, the new European Commission published two Communications relating to its five-year digital strategy: one on shaping Europe’s digital future, and one on its European strategy for data (the Commission also published a white paper proposing its strategy on AI; see our previous blogs here and here).  In both Communications, the Commission … Continue Reading

Centre for Data Ethics and Innovation Publishes Final Report on “Online Targeting”

On February 4, 2020, the United Kingdom’s Centre for Data Ethics and Innovation (“DEI”) published its final report on “online targeting” (the “Report”), examining practices used to monitor a person’s online behaviour and subsequently customize their experience.  In October 2018, the UK government appointed the DEI, an expert committee that advises the UK government on … Continue Reading
LexBlog