Posted in Cybersecurity, European Union, PrivacyIn March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim of introducing a simple, clear, and business-friendly framework, while maintaining high data protection standards.
Posted in UncategorizedOn March 15, 2023, the Colorado Attorney General’s (Colorado AG) office released the final version of the Colorado Privacy Act (ColoPA) rules (the final rules), which are based on public comments on the third version of the rules published on January 27, 2023.1 The final rules were published in the Colorado Register on March 25, 2023. While the final rules are substantially similar to the third version of the proposed rules, there are several notable revisions companies should consider as part of their compliance efforts. Below are some key takeaways from the changes in the final rules.
Posted in UncategorizedOn March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to inquire about their designation and position in their respective organizations. The DPAs will also investigate compliance with the DPO-related requirements and follow-up on ongoing formal investigations. Organizations should consider reviewing their compliance with the General Data Protection Regulation (GDPR) requirements on DPOs in light of the upcoming DPA wave of enforcement.
Posted in CybersecurityOn March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in cyberspace and to disrupt the networks of criminals behind cyberattacks. It also seeks to establish, harmonize, and streamline regulations to secure critical infrastructure, as well as shift liability to those it considers to be best positioned to implement cybersecurity, such as owners and operators of the systems that hold consumer data and the technology providers that build and service these systems. The role of the private sector and collaboration between the public and private sectors are prominent themes throughout the Strategy, as is international collaboration.
Posted in PrivacyOn March 2, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (also referred to as “proposed consent order”) with BetterHelp, Inc., an online counseling service, for allegedly disclosing its website visitors’ and users’ “health information” to advertisers, despite making representations on the company’s website and in the company’s privacy policy that such information would stay anonymous or be disclosed only for limited purposes. Of note, the proposed consent order completely prohibits BetterHelp from disclosing any information associated with its website visitors and users to third parties for targeted advertising purposes, even if the company obtains consent from its users for such ad targeting. The proposed consent order also requires BetterHelp to obtain consent before disclosing any information associated with its website visitors and users to third parties for any other purpose, with some exceptions for company vendors.
Posted in Privacy, RegulatoryIn January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is helpful for companies looking to implement a baseline approach to cookie compliance across the EU.
