On March 13, 2024, Governor Spencer Cox signed Utah’s Social Media Amendments, SB 194 and HB 464. Utah was the first state last year to pass laws strictly limiting minors’ use of social media. These laws were challenged in two lawsuits: one brought by social media users and another brought by NetChoice, a trade association representing internet companies.Continue Reading Utah Passes New Versions of Social Media Laws for Minors in Response to Challenges
OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities
On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates (together, “regulated entities”). While the updated guidance from OCR seems intended to clarify, and even narrow, the circumstances under which regulated entities’ use of websites and mobile app tracking technologies constitutes a disclosure of Protected Health Information (PHI), it fails to provide clarity on the exact scope, rendering compliance challenging. We summarize the updates to the guidance below and analyze briefly how these updates may impact the use of tracking technologies on unauthenticated and authenticated webpages, and what companies may explore in terms of compliance.Continue Reading OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities
EU Court of Justice Landmark Ruling on Digital Advertising and GDPR Compliance
On March 7, 2024, the European Court of Justice (CJEU) issued a landmark ruling on digital advertising and the concepts of personal data and joint controllership under the General Data Protection Regulation (GDPR).Continue Reading EU Court of Justice Landmark Ruling on Digital Advertising and GDPR Compliance
The EU AI Act Passes Another Hurdle Towards Becoming Law
On March 13, 2024, the European Parliament (EP) approved the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act). Following this vote, the text will be sent to the Council of the EU (Council) for formal approval, after which the AI Act will officially become law. Once the AI Act starts to apply, it will introduce a swathe of new obligations for companies providing and using AI systems and general-purpose AI (GPAI) models in the EU, subject to hefty fines of up to EUR 35 million or seven percent of the total worldwide annual turnover, whichever is higher.Continue Reading The EU AI Act Passes Another Hurdle Towards Becoming Law
New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens
On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation and creates the foundation for a comprehensive regulatory structure governing U.S. data.Continue Reading New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens
UK Privacy Regulator to Focus on AI, Cookies, Biometrics, and Children’s Privacy, and Consult on “Consent or Pay” Models
On February 28, 2024, the UK’s Information Commissioner (commissioner) confirmed that the regulator’s focus areas in 2024 will include artificial intelligence (AI), cookies, biometrics, and children’s privacy.Continue Reading UK Privacy Regulator to Focus on AI, Cookies, Biometrics, and Children’s Privacy, and Consult on “Consent or Pay” Models
Time to Hit the Books for Student Privacy Compliance: College Board Agrees to Pay $750K for N.Y. Student Privacy Violations
On February 13, 2024, the New York Attorney General Letitia James and New York State Education Department (NYSED) Commissioner Betty A. Rosa announced a settlement with College Board to resolve allegations that College Board violated New York Education Law § 2-d, the state’s student privacy law.Continue Reading Time to Hit the Books for Student Privacy Compliance: College Board Agrees to Pay $750K for N.Y. Student Privacy Violations