Topics Advertising & Marketing Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted AdvertisingFTC Issues Final “Click-to-Cancel” Rule Aerospace & Defense Key Takeaways from China’s Finalized Generative Artificial Intelligence MeasuresUK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI Airlines TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines Artificial Intelligence (AI) EU’s Community of Practice Publishes Updated AI Model Contractual ClausesKenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa Autonomous Vehicles U.S. Tech Legislative, Regulatory & Litigation Update – First Quarter 2024U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022 Big Data EHDS Series – 2: The European Health Data Space from the Health Data Holder’s PerspectiveData Act Becomes Law: What Next? Brexit Data Divergence: A Brexit Dividend?European Commission Adopts Final UK Adequacy Decisions California Consumer Privacy Act (CCPA) Honda Settles CPPA Allegations Regarding California Consumer Privacy Act ViolationsCalifornia Privacy Protection Agency Issues Enforcement Advisory on Data Minimization California Privacy Rights Act CPPA Releases Draft Rules on Cybersecurity Audits and Risk AssessmentsCalifornia Court Delays Enforcement of CPPA Regulations Canada IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT CompaniesCanadian Privacy Commissioner Releases Official Guidance as Data Breach Law Takes Effect Centre for Data Ethics and Innovation Centre for Data Ethics and Innovation Publishes Final Report on “Online Targeting” Children's Privacy District Court Enjoins Enforcement of the California Age-Appropriate Design Code ActState and Federal Developments in Minors’ Privacy in 2024 China China Releases New Labeling Requirements for AI-Generated ContentChina Eases Restrictions on Cross-Border Data Flows Cloud Computing U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022European Commission Presents Strategies for Data and AI (Part 1 of 4) Colorado Privacy Act Colorado AG Files Final Rules Implementing CPAThe Colorado AG Posts Revised Draft Regulations Committee on Standards in Public Life UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Competition UK Regulators Target Dark PatternsFrom Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act Congress Senate Judiciary Subcommittee Holds Hearing on the STOP CSAM ActBiden Administration Rulemakings at Risk for Congressional Review Act Cancellation in New Congress Consumer Protection Digital Fairness Act Series – Topic 1: Influencer MarketingCJEU Rules on Fairness of Remuneration Clause in Sports Contract COVID-19 COVID-19: Legal Considerations and Best Practices for Employers Processing Vaccination DataCOVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits Creditors FTC Announces Amended Rule on Identity Theft "Red Flags" Critical Infrastructure European Commission Publishes Guidance on NIS2: Interplay with Sector-Specific LawsInternational Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure Cross-Border Transfers Finnish Supervisory Authority Investigates Health Data Transfers to ChinaEDPB adopts draft guidelines on requirements when responding to requests from non-EU public authorities Cybersecurity NIS2 Deadline TodayWhat to expect from the UK’s Cyber Security and Resilience Bill (and when) Cybersecurity European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare ProvidersNew York Adopts Amendment to the State Data Breach Notification Law Dark Patterns UK Regulators Target Dark PatternsItalian Garante Fines Digital Marketing Company Over Use of Dark Patterns Data CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade SecretsEU Data Act Regulates Business-to-Business Contracts Relating to Access and Use of Data Data Breaches South Africa Introduces Mandatory e-Portal Reporting for Data BreachesRounding up Five Recent CJEU Cases on GDPR Compensation Data Privacy Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping ClaimAnother California Court Rejects Privacy Claims Targeting Online Chat Feature Data Protection Officer EDPB 2023 Coordinated Enforcement Framework on DPOs: What Are the Key Takeaways for Organizations?Court of Justice of the EU Clarifies Rules on Data Protection Officers’ Dismissal and Conflicts of Interest Data Security South Africa Introduces Mandatory e-Portal Reporting for Data BreachesNIS2 Deadline Today Data Transfers Finnish Supervisory Authority Investigates Health Data Transfers to ChinaEU Commission Announces New SCCs for International Transfers to Non-EU Controllers and Processors Subject to the GDPR Delaware Personal Data Privacy Act Delaware General Assembly Passes Personal Data Privacy Act Department of Commerce U.S. Government Issues White Paper on Privacy Safeguards Following Schrems IIPrivacy Shield Third Annual Review Department of Health and Human Services OCR Seeks Comments Related to Recognized Security Practices and Distribution of Civil Monetary Penalties under the HITECH ActFTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices Department of Justice UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementDOJ Proposes Legislation to Limit Section 230 Immunity Digital Health European Health Data Space PublishedGermany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices Digital Services Act Draft Delegated and Implementing Acts Pursuant to the Digital Services ActDigital Services Act’s Impact on Terms of Service Doxing FTC Settles with Broker Who Allegedly Disclosed Personal Information of Yelp Reviewers Electronic Surveillance and Law Enforcement Access UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementSupreme Court Holds FISA Does Not Displace the State Secrets Privilege EMEA Tech Regulation French CNIL Issues Draft Guidance On The Use of Location Data From Connected VehiclesNIS2: Commission Publishes Long-Awaited Draft Implementing Regulation On Technical And Methodological Requirements And Significant Incidents Emerging Technologies EU Parliament Adopts AI ActEU Parliament’s AI Act Proposals Introduce New Obligations for Foundation Models and Generative AI Entertainment EU and US Lawmakers Agree to Draft AI Code of ConductWhite House Issues Request for Comment on Use of Automated Tools with the Workforce ePrivacy Regulation Irish DPC Publishes Child-Facing Privacy Guides12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law Ethics Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in AfricaThe Council of Europe Publishes Feasibility Study on Developing a Legal Instrument for Ethical AI EU Adequacy Decision European Commission Retains Adequacy Decisions for Data Transfers to Eleven Countries EU Data Protection French CNIL Issues Draft Guidance On The Use of Location Data From Connected VehiclesCJEU Advocate General Supports Pragmatic Definition of Personal Data EU-U.S. Data Privacy Framework European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework European Union CJEU Upholds Country-of-Origin Principle for Online Service Providers in the EUEU Supervisory Authorities Publish New Guidance on Cookies European Union French CNIL Issues Draft Guidance On The Use of Location Data From Connected VehiclesDigital Fairness Act Series – Topic 1: Influencer Marketing Federal Communications Commission FTC Announces Regulatory Priorities for Both Privacy and CompetitionSupreme Court Narrows Meaning of TCPA Autodialer Definition Federal Trade Commission Commissioner Remarks at FTC PrivacyCon 2024FTC Proposes to Rewrite Negative Option Rule with Expansive Notice of Proposed Rulemaking Financial Institutions New York Department of Financial Services Finalizes Second Amendment to Cybersecurity RegulationProposed Second Amendment to NYDFS Cybersecurity Regulations: Comments Due August 14 Financial Privacy SEC Adopts Amendments to Regulation S-PMcHenry Introduces Data Privacy Act of 2023 Financial Services CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade SecretsDutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment Fintech Overlap Between the GDPR and PSD2 GDPR German SA Checks Whether Online Retailers Allow Consumers to Make Purchases Without Creating an AccountCJEU Rules on Right of Rectification of Gender Identity GDPR Rights CJEU Rules on Right of Rectification of Gender IdentityEDPB Launches Coordinated Enforcement on the Right to Erasure Health Privacy European Health Data Space PublishedNew York Legislature Passes Health Privacy Act India Five Key Themes from the FTC’s Data Portability WorkshopIndia Proposes Updated Personal Data Protection Bill International Japan Plans to Adopt AI-Friendly LegislationChina Releases New Labeling Requirements for AI-Generated Content Internet of Things (IoT) NIST Report and Recommendations on Fostering Development of the Internet of ThingsData Act Becomes Law: What Next? Iowa Iowa Enacts Comprehensive Consumer Privacy Law Korea EU Digital Partnerships with Asia: A New Path Towards Enhanced Digital Collaboration and OpportunitiesEDPB Adopts Overall Favorable Opinion on European Commission’s Draft Adequacy Decision for South Korea Life science U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023The New Italian Sunshine Act Introduces Mandatory Individual Disclosure With Implied Consent Mechanism For Transfers Of Value life science Major Cyber-attack on Irish Health System Causes Commercial ConcernNew German Legislation Facilitates Scientific Research in the Health Sector Life Sciences & Digital Health Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical DevicesEHDS Series – 5: European Health Data Space Governance, Enforcement and Timelines Litigation Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping ClaimAnother California Court Rejects Privacy Claims Targeting Online Chat Feature Litigation Rounding up Five Recent CJEU Cases on GDPR CompensationCJEU Decides the IAB Europe Case, Expanding the Concept of Controllership Marketing Schedule of Panelists for FTC's Upcoming Big Data & Discrimination WorkshopFTC to Examine Impact of "Big Data" on Low-Income and Underserved Communities Metaverse Regulating the Metaverse in Europe Middle East Top Five EMEA Technology Trends to Watch in 2023Saudi Arabia Issues New Personal Data Protection Law Mobile New York AG Issues Guidance on Website Privacy ControlsGerman court decides that GDPR consent can be tied to receiving advertising Mobile Online FTC Releases Online Tool to Help Health App Developers Identify Applicable LawsHHS Launches Portal Seeking Questions from Mobile Health Application Developers NHS UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Non-Personal Data European Parliament and Council Release Agreed Text on Data Act Online New York AG Issues Guidance on Website Privacy ControlsEDPB Publishes Draft Guidelines on the Targeting of Social Media Users Online Safety EU Legislative Update on the New Product Liability Directive Online Targeting ICO announces its online tracking strategy for 2025CJEU Decides the IAB Europe Case, Expanding the Concept of Controllership Policy and Legislation U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting ObligationsUK Government Adopts a “Pro-Innovation” Approach to AI Regulation POPIA South Africa Introduces Mandatory e-Portal Reporting for Data BreachesFinal Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021 Privacy & Data Security Recording of Customer Service Call “Not Private or Personal Enough” to Confer Article III StandingNinth Circuit Affirms Dismissal of CIPA and Wiretap Act Claims Against Celebrity Platform Privacy and Data Security Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify IndividualsNebraska Enacts Nebraska Data Privacy Act Privacy Policies Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping ClaimCCPA Consumer Request Metrics Reporting Due July 1, 2021 Public Sector OFAC Issues Updated Guidance on Ransomware PaymentsUK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Quantum Quantum Computing: Developments in the UK and USCISA, NSA, and NIST Urge Critical Infrastructure and Others to Prepare for Quantum Computing Cyber Threats Red Flags FTC Issues Revised Business Guide on Identity Theft Red Flags RuleSEC and CFTC Issue Final Identity Theft Rule Report UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Russia/Ukraine War International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure Saudi Arabia Saudi Arabia Issues New Personal Data Protection LawInside Privacy Audiocast Episode 15: Data Privacy Developments in Saudi Arabia and the Middle East Smart Meters FTC Releases Agenda for November 19th "Internet of Things" WorkshopENISA Publishes New Guidelines for Smart Grid Cyber Security Social Media Utah Repeals and Replaces Social Media Regulation ActState, Federal, and Global Developments in Children's Privacy, Q1 2023 Sourcing GDPR Contracts and Liabilities Between Controllers and ProcessorsData Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration South Africa South Africa: Guidance on POPIA Exemptions and Registration of Information OfficersFinal Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021 Standards EU Legislative Update on the New Product Liability DirectiveCOVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs State Legislatures Utah Enacts App Store Accountability ActOregon Legislature Passes Consumer Privacy Act State Privacy Utah Enacts App Store Accountability ActState Attorneys General Issue Guidance On Privacy & Artificial Intelligence Student Privacy Vermont Enacts Data Breach Notification and Student Privacy LegislationCalifornia Attorney General Issues Recommendations for Privacy in Ed Tech Surveillance President Biden Signs Executive Order to Implement EU-U.S. Data Privacy FrameworkSupreme Court Holds FISA Does Not Displace the State Secrets Privilege TCPA Maryland and Florida Update Their Telemarketing LawsWashington Enacts Update to State Telemarketing Law Technology Another California Court Rejects Privacy Claims Targeting Online Chat FeatureWebsite Wiretapping Litigation: Recent Decisions and Developments Technology Transactions GDPR Contracts and Liabilities Between Controllers and ProcessorsCovington Attorneys Author Chapter on the Challenges of Managing Third-Party Outsourcing Risks Travel TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines U.S. Election 2020 Inside Privacy Audiocast: Episode 8 – The Impact of the U.S. Election on Privacy Laws in the U.S. U.S. Federal and State Legislative Initiatives U.S. Senate Introduces Genomic Data Protection ActFederal Congressional Comprehensive Data Privacy Working Group Issues Request for Information U.S. National Cybersecurity Strategy CISA Publishes International Guidance on Implementing Security-by-Design and Security-by-Default Principles for Software Manufacturers and Customers UK Government Quantum Computing: Developments in the UK and USUK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI Uncategorized South Africa Introduces Mandatory e-Portal Reporting for Data BreachesEuropean Health Data Space Published United Kingdom What to expect from the UK’s Cyber Security and Resilience Bill (and when)UK ICO Launches a Consultation on “Consent or Pay” Business Models United Kingdom ICO announces its online tracking strategy for 2025ICO Audit on AI Recruitment Tools United States Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping ClaimAnother California Court Rejects Privacy Claims Targeting Online Chat Feature White House White House Releases Blueprint for AI Bill of RightsIoT Update: President Trump Signs IoT Cybersecurity Act of 2020 into Law
