FTC Final Rule Officially Broadens Health Breach Notification Rule, Targets Health and Wellness Apps
On April 26, 2024, the Federal Trade Commission (FTC) announced a Final Rule that amends the Health Breach Notification Rule (HBNR or Rule) to significantly broaden the FTC’s enforcement power in the area of digital health. Under the Final Rule, many developers of everyday health and wellness apps (Developers) will now constitute “health care providers” subject to the HBNR. The consequences of failing to comply with the HBNR could be steep—failure to comply with the Rule could subject a company to civil penalties of $51,744 per violation. Below, we provide a summary of the Final Rule and highlight some of the key challenges it presents.
Maneesha Mithal
New Federal Data Broker Restrictions Signed into Law
The recent omnibus foreign relations package signed by President Biden on April 24, 2024, includes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the Act), a set of sweeping privacy provisions prohibiting data brokers from sharing sensitive personal information with a broad range of entities that may have ties to Russia, China, Iran, and North Korea. The Federal Trade Commission (FTC) will enforce these prohibitions and have the ability to seek civil penalties for violations. The provision takes effect 60 days after the date of enactment of the Act.
Congress Proposes New Comprehensive Privacy Legislation: The American Privacy Rights Act
On April 7, 2024, Representative Cathy McMorris Rodgers (R-WA) and Senator Maria Cantwell (D-WA) announced that Congress will once again consider a comprehensive federal data privacy bill that, if passed, would dramatically alter the privacy landscape across the United States.
The EU AI Act Passes Another Hurdle Towards Becoming Law
On March 13, 2024, the European Parliament (EP) approved the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act). Following this vote, the text will be sent to the Council of the EU (Council) for formal approval, after which the AI Act will officially become law. Once the AI Act starts to apply, it will introduce a swathe of new obligations for companies providing and using AI systems and general-purpose AI (GPAI) models in the EU, subject to hefty fines of up to EUR 35 million or seven percent of the total worldwide annual turnover, whichever is higher.
New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens
On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation and creates the foundation for a comprehensive regulatory structure governing U.S. data.
California Appeals Court Moves Up Enforcement Date for Latest CCPA Regulations
On February 9, 2024, the California Third District Court of Appeals in Sacramento overturned a lower court order that postponed enforcement of the California Privacy Protection Agency’s (CPPA) newest rules. The decision restores the authority of the CPPA and California Attorney General to enforce the latest regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) (“updated CCPA regulations”).