Maneesha Mithal

The EU’s AI Act Starts to Apply as of February 2, 2025

By Laura De Boel, Maneesha Mithal, Matthew Nuding & Jessica O'Neill on January 31, 2025

Posted in Cybersecurity, European Union, Privacy, Regulatory

On February 2, 2025, the European Union’s (EU) Artificial Intelligence Act (AI Act) will start to apply in phases. This alert summarizes the new obligations that will apply as of February 2, 2025. It also indicates when companies can expect the first enforcement actions, and what the enforcement regime will look like. For more information about the scope and requirements of the AI Act, please see our 10 Things You Should Know About the EU AI Act.Continue Reading The EU’s AI Act Starts to Apply as of February 2, 2025

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

By Maneesha Mithal, Christopher Olsen, Demian Ahn & Rebecca Weitzel Garcia on January 7, 2025

Posted in Privacy

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC

By Christopher Olsen, Maneesha Mithal & Taylor Stenberg Erb on December 19, 2024

Posted in Regulatory

On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to fill the slot currently occupied by Chair Khan. Meador is a former staff member for Senator Mike Lee (R-UT). He has experience serving at the FTC, having spent five years at the beginning of his career working on antitrust cases at the agency.Continue Reading Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC

CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act

By Christopher Olsen, Maneesha Mithal, Libby Weingarten, Jess Cheng & Taylor Stenberg Erb on December 12, 2024

Posted in Regulatory

On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced its highly anticipated and controversial proposed rule that primarily aims to bring data brokers within the scope of the Fair Credit Reporting Act (FCRA). Data brokers have long argued that they do not furnish “consumer reports,” and thus do not constitute “consumer reporting agencies” subject to the FCRA’s obligations. The CFPB catalogues the harms that have resulted from such a stance; namely, risks to national security, financial well-being, and personal safety when data brokers sell information to countries of concern, scammers, or stalkers. The proposed rule seeks to cover data brokers by clarifying key provisions within the definition of “consumer report.” The proposed rule also aims to shore up consumer protections under the FCRA by interpreting the definition of “consumer reporting agency” more broadly and permissible purposes for furnishing consumer reports more narrowly, such as consumer consent and legitimate business needs. The CFPB seeks public comment on the proposed rule, which must be received on or before March 3, 2025.Continue Reading CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act

FTC Files Consumer Protection Complaint Against GOAT

By Maneesha Mithal, Christopher Olsen & Kristen Abram on December 10, 2024

Posted in Uncategorized

On December 2, 2024, the Federal Trade Commission (FTC) announced it had filed a complaint against GOAT, an online retailer of sneakers, apparel, and accessories. In the complaint, the FTC alleged, among other things, that GOAT failed to honor its “Buyer Protection” policy for consumers who received deficient products. The FTC also alleged that GOAT failed to offer consumers whose products were delayed beyond the promised delivery period a clear and conspicuous way to consent to the delay or cancel the order in exchange for a refund. Furthermore, the FTC alleged that consumers were forced to repeatedly contact customer service for relief, and often received inadequate refunds.Continue Reading FTC Files Consumer Protection Complaint Against GOAT

California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

By Edward Holman, Kristen Abram, Maneesha Mithal & Tracy Shapiro on November 18, 2024

Posted in Cybersecurity, Privacy, Regulatory

On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.Continue Reading California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

The Data Advisor