November 2024

Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases

By Nikolaos Theodorakis, Tom Evans & Matthew Nuding on November 26, 2024

The UK’s Online Safety Act (OSA) is a landmark law that will require companies to make online services “safe by design” for all individuals, with a particularly high standard of protection required for children. The OSA was enacted in 2023, and its obligations will come into force in phases throughout 2025 and 2026. This blog post explains how the law will be brought into force, and what companies can do to prepare.Continue Reading Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases

California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

By Edward Holman, Kristen Abram, Maneesha Mithal & Tracy Shapiro on November 18, 2024

Posted in Cybersecurity, Privacy, Regulatory

On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.Continue Reading California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

UK Brings Forward Bill to Reform UK Privacy Laws

By Nikolaos Theodorakis, Tom Evans & Claudia Chan on November 5, 2024

Posted in Privacy

In October 2024, the UK government introduced the Data (Use and Access) Bill (the Data Bill) to Parliament. The Data Bill represents a third attempt by UK ministers to bring about reforms to the UK’s data protection and ePrivacy regimes. If enacted, the Data Bill will introduce changes to the existing regime, including by reducing restrictions on automated decision-making and enhancing powers for the UK’s privacy regulator. It will also lay the groundwork for new “Smart Data” schemes, which will in future require companies operating in certain industries to share data with authorized and regulated third parties.Continue Reading UK Brings Forward Bill to Reform UK Privacy Laws

CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies

By Maneesha Mithal, Jess Cheng & Doo Lee on November 4, 2024

Posted in Privacy

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited final rule on “Personal Financial Data Rights” (the Final Rule). The Final Rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. For an analysis of the proposed rule, please see our analysis here.Continue Reading CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies

The Data Advisor

November 2024

Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases

California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

UK Brings Forward Bill to Reform UK Privacy Laws

CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE