Topics Advertising & Marketing Italian DPA Publishes Guidelines on Email Tracking PixelsThree notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future Aerospace & Defense Trump Administration Issues AI Action Plan and Series of AI Executive OrdersKey Takeaways from China’s Finalized Generative Artificial Intelligence Measures Airlines TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines Algorithmic Management European Parliament Committee Recommends Commission to Propose EU Directive on Algorithmic Management Artificial Intelligence (AI) EU AI Act Update: Timeline Relief, Targeted Simplification, and New ProhibitionsMaryland Enacts Law on Personalized Food Pricing Asia Singapore Issues Governance and Security Guidance for Agentic AI Automated Decision-Making UK ICO Consults on Draft Automated Decision-Making Guidance and Sets Expectations for ADM in Recruitment Autonomous Vehicles Trump Administration Issues AI Action Plan and Series of AI Executive OrdersU.S. Tech Legislative, Regulatory & Litigation Update – First Quarter 2024 Big Data EHDS Series – 2: The European Health Data Space from the Health Data Holder’s PerspectiveData Act Becomes Law: What Next? Brexit Data Divergence: A Brexit Dividend?European Commission Adopts Final UK Adequacy Decisions California Consumer Privacy Act (CCPA) California Privacy Agency Fines Tractor Supply $1.35 Million Over CCPA ViolationsNavigating California’s New and Emerging AI Employment Regulations California Privacy Rights Act CPPA Releases Draft Rules on Cybersecurity Audits and Risk AssessmentsCalifornia Court Delays Enforcement of CPPA Regulations Canada IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT CompaniesCanadian Privacy Commissioner Releases Official Guidance as Data Breach Law Takes Effect Centre for Data Ethics and Innovation Centre for Data Ethics and Innovation Publishes Final Report on “Online Targeting” Children's Privacy Ofcom and ICO Issue Joint Statement on Age AssuranceUK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI China China’s DPO Reporting Requirement Now in EffectChina Releases New Labeling Requirements for AI-Generated Content Cloud Computing U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022European Commission Presents Strategies for Data and AI (Part 1 of 4) Colorado Privacy Act Colorado AG Files Final Rules Implementing CPAThe Colorado AG Posts Revised Draft Regulations Committee on Standards in Public Life UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Competition UK Regulators Target Dark PatternsFrom Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act Congress U.S. Congress Passes Bill Establishing Notice and Takedown Regime for Publication of Nonconsensual Intimate Visual DepictionsSenate Judiciary Subcommittee Holds Hearing on the STOP CSAM Act Consumer Protection Maryland Enacts Law on Personalized Food PricingDC AG Sues Multifamily Landlord Over Alleged Deceptive Rental Fee Advertising COVID-19 COVID-19: Legal Considerations and Best Practices for Employers Processing Vaccination DataCOVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits Creditors FTC Announces Amended Rule on Identity Theft "Red Flags" Critical Infrastructure CJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not requiredCISA Announces Town Halls to Gather Input on CIRCIA Proposed Rule Cross-Border Transfers Roundup of Cross-Border Data Transfer DevelopmentsEU and Brazil Adopt Mutual Adequacy Decision Cybersecurity European Commission Proposes Targeted Amendments to NIS2 to Simplify Compliance and Align With Proposed Cybersecurity Act 2CISA Releases AI Data Security Guidance Cybersecurity CJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not requiredCISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams Dark Patterns UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AIUK Regulators Target Dark Patterns Data Italian DPA Publishes Guidelines on Email Tracking PixelsThree notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future Data Breaches European Commission Proposes Revisions to GDPR and Other Digital Rules Under Digital Omnibus PackageICO Fines Capita £14 Million Over 2023 Data Breach Data Privacy Italian DPA Publishes Guidelines on Email Tracking PixelsThree notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future Data Protection Officer EDPB 2023 Coordinated Enforcement Framework on DPOs: What Are the Key Takeaways for Organizations?Court of Justice of the EU Clarifies Rules on Data Protection Officers’ Dismissal and Conflicts of Interest Data Security Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks ActEuropean Commission Proposes Cybersecurity Act 2: New EU Supply Chain Rules and Certification Reforms Data Transfers Roundup of Cross-Border Data Transfer DevelopmentsCommission Collects Feedback to Simplify Rules on Data, Cybersecurity and Artificial Intelligence in Upcoming Digital Omnibus Delaware Personal Data Privacy Act Delaware General Assembly Passes Personal Data Privacy Act Department of Commerce U.S. Government Issues White Paper on Privacy Safeguards Following Schrems IIPrivacy Shield Third Annual Review Department of Health and Human Services OCR Seeks Comments Related to Recognized Security Practices and Distribution of Civil Monetary Penalties under the HITECH ActFTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices Department of Justice UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementDOJ Proposes Legislation to Limit Section 230 Immunity Digital Health New German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical ResearchEuropean Health Data Space Published Digital Services Act European Commission Makes New Announcements on the Protection of Minors Under the Digital Services ActEuropean Commission Publishes Draft Guidelines on the Protection of Minors under the DSA Doxing FTC Settles with Broker Who Allegedly Disclosed Personal Information of Yelp Reviewers Electronic Communications Networks and Services Italian DPA Publishes Guidelines on Email Tracking PixelsCJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not required Electronic Surveillance and Law Enforcement Access UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementSupreme Court Holds FISA Does Not Displace the State Secrets Privilege EMEA Tech Regulation Three notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the futureCJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not required Emerging Technologies State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing BillsUNESCO Adopts First Global Framework on Neurotechnology Ethics Entertainment UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AIEU and US Lawmakers Agree to Draft AI Code of Conduct ePrivacy Regulation Italian DPA Publishes Guidelines on Email Tracking PixelsThree notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future Ethics Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in AfricaThe Council of Europe Publishes Feasibility Study on Developing a Legal Instrument for Ethical AI EU Adequacy Decision Roundup of Cross-Border Data Transfer DevelopmentsEuropean Commission Retains Adequacy Decisions for Data Transfers to Eleven Countries EU Data Protection Italian DPA Publishes Guidelines on Email Tracking PixelsOfcom and ICO Issue Joint Statement on Age Assurance EU-U.S. Data Privacy Framework Roundup of Cross-Border Data Transfer DevelopmentsEuropean Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework European Union Italian DPA Fines Bank over the Transfer of Customer Data in the Context of a Corporate TransactionEuropean Commission Proposes Revisions to GDPR and Other Digital Rules Under Digital Omnibus Package European Union EU AI Act Update: Timeline Relief, Targeted Simplification, and New ProhibitionsEU Sets the Clock on Age Verification: Rollout Urged by End‑2026 Federal Communications Commission FTC Announces Regulatory Priorities for Both Privacy and CompetitionSupreme Court Narrows Meaning of TCPA Autodialer Definition Federal Trade Commission FTC Sweep on “Made in the USA” ClaimsFTC Alleges OkCupid Data Sharing Amounted to a Deceptive Practice Financial Institutions New York Department of Financial Services Finalizes Second Amendment to Cybersecurity RegulationProposed Second Amendment to NYDFS Cybersecurity Regulations: Comments Due August 14 Financial Privacy SEC Adopts Amendments to Regulation S-PMcHenry Introduces Data Privacy Act of 2023 Financial Services CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade SecretsDutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment Fintech Overlap Between the GDPR and PSD2 GDPR Italian DPA Publishes Guidelines on Email Tracking PixelsOfcom and ICO Issue Joint Statement on Age Assurance GDPR Rights EU Court Defines Limits to the GDPR Right of AccessCJEU Rules on Right of Rectification of Gender Identity Health Privacy New EDPB Guidelines on the Use of Personal Data in Scientific ResearchUtah and South Dakota Enact Genetic Privacy Laws as Other States Advance Bills India Five Key Themes from the FTC’s Data Portability WorkshopIndia Proposes Updated Personal Data Protection Bill Insider Threats CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams International Italian DPA Fines Bank over the Transfer of Customer Data in the Context of a Corporate TransactionUK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI Internet of Things (IoT) NIST Report and Recommendations on Fostering Development of the Internet of ThingsData Act Becomes Law: What Next? Iowa Iowa Enacts Comprehensive Consumer Privacy Law Korea EU Digital Partnerships with Asia: A New Path Towards Enhanced Digital Collaboration and OpportunitiesEDPB Adopts Overall Favorable Opinion on European Commission’s Draft Adequacy Decision for South Korea Liability EU Member States Begin Rolling Out New Product Liability RulesEuropean Parliament Study Recommends Strict Liability Regime for High-Risk AI Systems Life science The UK’s new Data Legislation – What does it mean for the Life Science sector?U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023 life science Major Cyber-attack on Irish Health System Causes Commercial ConcernNew German Legislation Facilitates Scientific Research in the Health Sector Life Sciences & Digital Health UNESCO Adopts First Global Framework on Neurotechnology EthicsEU Biotech Act Suggests Clarifying Data Protection Rules For Clinical Trials Litigation Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPAImplied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim Litigation EU Court Defines Limits to the GDPR Right of AccessBelgian High Court Confirms Full Judicial Review of Supervisory Authority Decisions Litigation Third Circuit Affirms Dismissal of CIPA and CMIA ClaimsCourt Applies Popa to Dismiss CIPA Pen Register Claim for Lack of Article III Standing Marketing Schedule of Panelists for FTC's Upcoming Big Data & Discrimination WorkshopFTC to Examine Impact of "Big Data" on Low-Income and Underserved Communities Metaverse Regulating the Metaverse in Europe Middle East Top Five EMEA Technology Trends to Watch in 2023Saudi Arabia Issues New Personal Data Protection Law Minors EU Sets the Clock on Age Verification: Rollout Urged by End‑2026 Mobile New York AG Issues Guidance on Website Privacy ControlsGerman court decides that GDPR consent can be tied to receiving advertising Mobile Online FTC Releases Online Tool to Help Health App Developers Identify Applicable LawsHHS Launches Portal Seeking Questions from Mobile Health Application Developers NHS UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Non-Personal Data European Parliament and Council Release Agreed Text on Data Act Online State Legislatures Advance Surveillance Pricing RegulationsNew York AG Issues Guidance on Website Privacy Controls Online Safety Ofcom and ICO Issue Joint Statement on Age AssuranceUK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI Online Targeting Italian DPA Publishes Guidelines on Email Tracking PixelsThree notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future Policy and Legislation State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing BillsEuropean Data Protection Authorities Issue Joint Opinion on the Digital Omnibus on AI POPIA South Africa Introduces Mandatory e-Portal Reporting for Data BreachesFinal Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021 Privacy & Data Security Three notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the futureCNIL Publishes Recommendation on Email Tracking Pixels Privacy and Data Security Roundup of Cross-Border Data Transfer DevelopmentsIllinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals Privacy Policies Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping ClaimCCPA Consumer Request Metrics Reporting Due July 1, 2021 Public Sector OFAC Issues Updated Guidance on Ransomware PaymentsUK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Quantum Quantum Computing: Developments in the UK and USCISA, NSA, and NIST Urge Critical Infrastructure and Others to Prepare for Quantum Computing Cyber Threats Red Flags FTC Issues Revised Business Guide on Identity Theft Red Flags RuleSEC and CFTC Issue Final Identity Theft Rule Report UK Government’s Advisory Committee Publishes Report on Public Sector Use of AI Russia/Ukraine War International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure Saudi Arabia Saudi Arabia Issues New Personal Data Protection LawInside Privacy Audiocast Episode 15: Data Privacy Developments in Saudi Arabia and the Middle East Smart Meters FTC Releases Agenda for November 19th "Internet of Things" WorkshopENISA Publishes New Guidelines for Smart Grid Cyber Security Social Media UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AIUtah Repeals and Replaces Social Media Regulation Act Sourcing GDPR Contracts and Liabilities Between Controllers and ProcessorsData Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration South Africa South Africa: Guidance on POPIA Exemptions and Registration of Information OfficersFinal Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021 Standards NIST Publishes Updated Incident Response Recommendations and ConsiderationsEU Legislative Update on the New Product Liability Directive State Legislatures State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing BillsTexas Enacts AI Consumer Protection Law State Privacy Alabama Enacts Comprehensive Privacy LawSeventh Circuit Holds that BIPA Amendment Applies Retroactively Student Privacy Vermont Enacts Data Breach Notification and Student Privacy LegislationCalifornia Attorney General Issues Recommendations for Privacy in Ed Tech Surveillance State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing BillsState Legislatures Advance Surveillance Pricing Regulations TCPA Maryland and Florida Update Their Telemarketing LawsWashington Enacts Update to State Telemarketing Law Technology Three notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the futureState Lawmakers Introduce New Wave of Personalized Algorithmic Pricing Bills Technology Transactions GDPR Contracts and Liabilities Between Controllers and ProcessorsCovington Attorneys Author Chapter on the Challenges of Managing Third-Party Outsourcing Risks Travel TSA Imposes New Cybersecurity Requirements for Rail and Air SectorsGDPR: Top 5 Post-Implementation Issues for Airlines U.S. Election 2020 Inside Privacy Audiocast: Episode 8 – The Impact of the U.S. Election on Privacy Laws in the U.S. U.S. Federal and State Legislative Initiatives U.S. Senate Introduces Genomic Data Protection ActFederal Congressional Comprehensive Data Privacy Working Group Issues Request for Information U.S. National Cybersecurity Strategy White House Releases New National Cyber Strategy and Executive OrderCISA Publishes International Guidance on Implementing Security-by-Design and Security-by-Default Principles for Software Manufacturers and Customers UK Government UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AIFive major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill Uncategorized Ofcom and ICO Issue Joint Statement on Age AssuranceEU Court Defines Limits to the GDPR Right of Access United Kingdom UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AIRoundup of Cross-Border Data Transfer Developments United Kingdom Three notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the futureUK ICO Consults on Draft Automated Decision-Making Guidance and Sets Expectations for ADM in Recruitment United States FTC Sweep on “Made in the USA” ClaimsFTC Alleges OkCupid Data Sharing Amounted to a Deceptive Practice White House Trump Administration Issues AI Action Plan and Series of AI Executive OrdersWhite House Issues New Cybersecurity Executive Order
