Topics Advertising & Marketing FTC Issues Final Rule on Reviews and TestimonialsNew York AG Issues Guidance on Website Privacy Controls Aerospace & Defense Key Takeaways from China’s Finalized Generative Artificial Intelligence MeasuresUK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI Airlines TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines Artificial Intelligence (AI) U.S. Tech Legislative, Regulatory & Litigation Update – Second Quarter 2024EU Artificial Intelligence Act Published Autonomous Vehicles U.S. Tech Legislative, Regulatory & Litigation Update – First Quarter 2024U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022 Big Data EHDS Series – 2: The European Health Data Space from the Health Data Holder’s PerspectiveData Act Becomes Law: What Next? Brexit Data Divergence: A Brexit Dividend?European Commission Adopts Final UK Adequacy Decisions California Consumer Privacy Act (CCPA) California Privacy Protection Agency Issues Enforcement Advisory on Data MinimizationCPPA Executive Director Remarks on Policy and Enforcement Priorities California Privacy Rights Act CPPA Releases Draft Rules on Cybersecurity Audits and Risk AssessmentsCalifornia Court Delays Enforcement of CPPA Regulations Canada IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT CompaniesCanadian Privacy Commissioner Releases Official Guidance as Data Breach Law Takes Effect Centre for Data Ethics and Innovation Centre for Data Ethics and Innovation Publishes Final Report on “Online Targeting” Children's Privacy State and Federal Developments in Minors’ Privacy in 2024New York Begins Rulemaking for Two Children’s Data Privacy Laws China China Eases Restrictions on Cross-Border Data FlowsChina Proposes Significant Changes to Cross-Border Transfer Rules Cloud Computing U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022European Commission Presents Strategies for Data and AI (Part 1 of 4) Colorado Privacy Act Colorado AG Files Final Rules Implementing CPAThe Colorado AG Posts Revised Draft Regulations Committee on Standards in Public Life UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Competition UK Regulators Target Dark PatternsFrom Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act Congress Congressional Review Act Threat Looms Over Biden Administration RulemakingsState, Federal, and Global Developments in Children's Privacy, Q1 2023 Consumer Protection CJEU Clarifies Online "Order Buttons" Must Indicate that the Consumer is Assuming an Obligation to PayUK Regulators Target Dark Patterns COVID-19 COVID-19: Legal Considerations and Best Practices for Employers Processing Vaccination DataCOVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits Creditors FTC Announces Amended Rule on Identity Theft "Red Flags" Critical Infrastructure European Commission Publishes Guidance on NIS2: Interplay with Sector-Specific LawsInternational Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure Cross-Border Transfers EU Commission Announces New SCCs for International Transfers to Non-EU Controllers and Processors Subject to the GDPRChina Eases Restrictions on Cross-Border Data Flows Cybersecurity What to expect from the UK’s Cyber Security and Resilience Bill (and when)The Cyber Resilience Act is One Step Closer to Becoming Law Cybersecurity What to expect from the UK’s Cyber Security and Resilience Bill (and when)CISA and FBI Publish a Secure by Design Alert to Eliminate Cross-Site Scripting Vulnerabilities Dark Patterns UK Regulators Target Dark PatternsItalian Garante Fines Digital Marketing Company Over Use of Dark Patterns Data EU Data Act Regulates Business-to-Business Contracts Relating to Access and Use of DataICO Launches Consultation Series on Generative AI Data Breaches Rounding up Five Recent CJEU Cases on GDPR CompensationCJEU Advocate General Issues Opinion on Non-Material Damages for GDPR Breach Data Privacy Quantum Computing: Developments in the UK and USIllinois Enacts BIPA Amendment Limiting Violation Accrual Data Protection Officer EDPB 2023 Coordinated Enforcement Framework on DPOs: What Are the Key Takeaways for Organizations?Court of Justice of the EU Clarifies Rules on Data Protection Officers’ Dismissal and Conflicts of Interest Data Security What to expect from the UK’s Cyber Security and Resilience Bill (and when)Rounding up Five Recent CJEU Cases on GDPR Compensation Data Transfers EU Commission Announces New SCCs for International Transfers to Non-EU Controllers and Processors Subject to the GDPRBrazil Issues New Regulation on International Data Transfers Delaware Personal Data Privacy Act Delaware General Assembly Passes Personal Data Privacy Act Department of Commerce U.S. Government Issues White Paper on Privacy Safeguards Following Schrems IIPrivacy Shield Third Annual Review Department of Health and Human Services OCR Seeks Comments Related to Recognized Security Practices and Distribution of Civil Monetary Penalties under the HITECH ActFTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices Department of Justice UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementDOJ Proposes Legislation to Limit Section 230 Immunity Digital Health Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical DevicesQuantum Computing: Developments in the UK and US Digital Services Act Draft Delegated and Implementing Acts Pursuant to the Digital Services ActDigital Services Act’s Impact on Terms of Service Doxing FTC Settles with Broker Who Allegedly Disclosed Personal Information of Yelp Reviewers Electronic Surveillance and Law Enforcement Access UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementSupreme Court Holds FISA Does Not Displace the State Secrets Privilege EMEA Tech Regulation NIS2: Commission Publishes Long-Awaited Draft Implementing Regulation On Technical And Methodological Requirements And Significant IncidentsEU Parliament Adopts AI Act Emerging Technologies EU Parliament Adopts AI ActEU Parliament’s AI Act Proposals Introduce New Obligations for Foundation Models and Generative AI Entertainment EU and US Lawmakers Agree to Draft AI Code of ConductWhite House Issues Request for Comment on Use of Automated Tools with the Workforce ePrivacy Regulation Irish DPC Publishes Child-Facing Privacy Guides12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law Ethics The Council of Europe Publishes Feasibility Study on Developing a Legal Instrument for Ethical AIEuropean Commission Presents Strategies for Data and AI (Part 1 of 4) EU Adequacy Decision European Commission Retains Adequacy Decisions for Data Transfers to Eleven Countries EU Data Protection CNIL Opens Public Consultation on Its Standards for Processing Health DataNIS2 implementation enters the final stretch – six months to deadline EU-U.S. Data Privacy Framework European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework European Union CJEU Upholds Country-of-Origin Principle for Online Service Providers in the EUEU Supervisory Authorities Publish New Guidance on Cookies European Union The EU Considers Changing the EU AI Liability Directive into a Software Liability RegulationEU Commission Announces New SCCs for International Transfers to Non-EU Controllers and Processors Subject to the GDPR Federal Communications Commission FTC Announces Regulatory Priorities for Both Privacy and CompetitionSupreme Court Narrows Meaning of TCPA Autodialer Definition Federal Trade Commission Commissioner Remarks at FTC PrivacyCon 2024FTC Proposes to Rewrite Negative Option Rule with Expansive Notice of Proposed Rulemaking Financial Institutions New York Department of Financial Services Finalizes Second Amendment to Cybersecurity RegulationProposed Second Amendment to NYDFS Cybersecurity Regulations: Comments Due August 14 Financial Privacy SEC Adopts Amendments to Regulation S-PMcHenry Introduces Data Privacy Act of 2023 Financial Services Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact AssessmentUK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI Fintech Overlap Between the GDPR and PSD2 GDPR Rounding up Five Recent CJEU Cases on GDPR CompensationEDPB’s 2024 Coordinated Enforcement Action on the Access Right: What Can You Expect? GDPR Rights EDPB’s 2024 Coordinated Enforcement Action on the Access Right: What Can You Expect?CJEU Holds That GDPR Right of Access Overrules Local Laws Health Privacy HHS OCR Settles Ransomware Cybersecurity Investigation for $250,000Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices India Five Key Themes from the FTC’s Data Portability WorkshopIndia Proposes Updated Personal Data Protection Bill International What to expect from the UK’s Cyber Security and Resilience Bill (and when)CJEU Upholds Country-of-Origin Principle for Online Service Providers in the EU Internet of Things (IoT) Data Act Becomes Law: What Next?EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards Iowa Iowa Enacts Comprehensive Consumer Privacy Law Korea EU Digital Partnerships with Asia: A New Path Towards Enhanced Digital Collaboration and OpportunitiesEDPB Adopts Overall Favorable Opinion on European Commission’s Draft Adequacy Decision for South Korea Life science U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023The New Italian Sunshine Act Introduces Mandatory Individual Disclosure With Implied Consent Mechanism For Transfers Of Value life science Major Cyber-attack on Irish Health System Causes Commercial ConcernNew German Legislation Facilitates Scientific Research in the Health Sector Life Sciences & Digital Health Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical DevicesEHDS Series – 5: European Health Data Space Governance, Enforcement and Timelines Litigation Employers Beware: New Wave of Illinois Genetic Information Privacy Act LitigationNinth Circuit Holds COPPA Does Not Preempt Consistent State Law Claims Premised on COPPA Violations Litigation Rounding up Five Recent CJEU Cases on GDPR CompensationCJEU Decides the IAB Europe Case, Expanding the Concept of Controllership Marketing Schedule of Panelists for FTC's Upcoming Big Data & Discrimination WorkshopFTC to Examine Impact of "Big Data" on Low-Income and Underserved Communities Metaverse Regulating the Metaverse in Europe Middle East Top Five EMEA Technology Trends to Watch in 2023Saudi Arabia Issues New Personal Data Protection Law Mobile New York AG Issues Guidance on Website Privacy ControlsGerman court decides that GDPR consent can be tied to receiving advertising Mobile Online FTC Releases Online Tool to Help Health App Developers Identify Applicable LawsHHS Launches Portal Seeking Questions from Mobile Health Application Developers NHS UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Non-Personal Data European Parliament and Council Release Agreed Text on Data Act Online New York AG Issues Guidance on Website Privacy ControlsEDPB Publishes Draft Guidelines on the Targeting of Social Media Users Online Safety EU Legislative Update on the New Product Liability Directive Online Targeting CJEU Decides the IAB Europe Case, Expanding the Concept of ControllershipEDPB Issues Draft Guidelines on Technical Scope of ePrivacy Directive Rules for Storage and Access Policy and Legislation U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting ObligationsUK Government Adopts a “Pro-Innovation” Approach to AI Regulation POPIA Final Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021Inside Privacy Audiocast: Episode 12 – Conversation with Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa Privacy & Data Security U.S. Senate Passes SHIELD Act to Criminalize Distribution of Private Intimate Images OnlineCNIL Opens Public Consultation on Its Standards for Processing Health Data Privacy and Data Security Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify IndividualsNebraska Enacts Nebraska Data Privacy Act Privacy Policies CCPA Consumer Request Metrics Reporting Due July 1, 20212021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington Public Sector OFAC Issues Updated Guidance on Ransomware PaymentsUK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Quantum Quantum Computing: Developments in the UK and USCISA, NSA, and NIST Urge Critical Infrastructure and Others to Prepare for Quantum Computing Cyber Threats Red Flags FTC Issues Revised Business Guide on Identity Theft Red Flags RuleSEC and CFTC Issue Final Identity Theft Rule Report UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Russia/Ukraine War International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure Saudi Arabia Saudi Arabia Issues New Personal Data Protection LawInside Privacy Audiocast Episode 15: Data Privacy Developments in Saudi Arabia and the Middle East Smart Meters FTC Releases Agenda for November 19th "Internet of Things" WorkshopENISA Publishes New Guidelines for Smart Grid Cyber Security Social Media Utah Repeals and Replaces Social Media Regulation ActState, Federal, and Global Developments in Children's Privacy, Q1 2023 Sourcing GDPR Contracts and Liabilities Between Controllers and ProcessorsData Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration South Africa South Africa: Guidance on POPIA Exemptions and Registration of Information OfficersFinal Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021 Standards EU Legislative Update on the New Product Liability DirectiveCOVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs State Legislatures Oregon Legislature Passes Consumer Privacy ActIowa Enacts Comprehensive Consumer Privacy Law State Privacy Minnesota and Rhode Island Pass Comprehensive Privacy LegislationIllinois Enacts BIPA Amendment Limiting Violation Accrual Student Privacy Vermont Enacts Data Breach Notification and Student Privacy LegislationCalifornia Attorney General Issues Recommendations for Privacy in Ed Tech Surveillance President Biden Signs Executive Order to Implement EU-U.S. Data Privacy FrameworkSupreme Court Holds FISA Does Not Displace the State Secrets Privilege TCPA Maryland and Florida Update Their Telemarketing LawsWashington Enacts Update to State Telemarketing Law Technology U.S. Tech Legislative, Regulatory & Litigation Update – Second Quarter 2024U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023 Technology Transactions GDPR Contracts and Liabilities Between Controllers and ProcessorsCovington Attorneys Author Chapter on the Challenges of Managing Third-Party Outsourcing Risks Travel TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines U.S. Election 2020 Inside Privacy Audiocast: Episode 8 – The Impact of the U.S. Election on Privacy Laws in the U.S. U.S. Federal and State Legislative Initiatives Senate Judiciary Committee Holds Hearing on Children's Online SafetyColorado Attorney General Releases Draft CPA Rules U.S. National Cybersecurity Strategy CISA Publishes International Guidance on Implementing Security-by-Design and Security-by-Default Principles for Software Manufacturers and Customers UK Government Quantum Computing: Developments in the UK and USUK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI Uncategorized California Enacts Health AI Bill and Protections for Neural DataFTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI United Kingdom What to expect from the UK’s Cyber Security and Resilience Bill (and when)UK ICO Launches a Consultation on “Consent or Pay” Business Models United Kingdom Changes to the UK investigatory powers regime receive royal assentICO Launches Consultation Series on Generative AI United States Quantum Computing: Developments in the UK and USU.S. Senate Passes SHIELD Act to Criminalize Distribution of Private Intimate Images Online White House White House Releases Blueprint for AI Bill of RightsIoT Update: President Trump Signs IoT Cybersecurity Act of 2020 into Law