Archives: Privacy

Subscribe to Privacy RSS Feed

UK Brings Forward Legislation to Streamline the GDPR

In March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim of introducing a simple, clear, and business-friendly framework, while maintaining high data protection standards.… Continue Reading

FTC Announces Settlement with BetterHelp for Disclosing Consumers’ Health Information to Third-Party Advertisers

On March 2, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (also referred to as “proposed consent order”) with BetterHelp, Inc., an online counseling service, for allegedly disclosing its website visitors’ and users’ “health information” to advertisers, despite making representations on the company’s website and in the company’s privacy policy that such information would … Continue Reading

EDPB Issues Guidance on Cookie Banners

In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is … Continue Reading

European Commission Seeks Companies’ Input on GDPR Enforcement

On February 24, 2023, the European Commission (EC) opened a public consultation on its initiative (Initiative) to revise procedural rules relating to the enforcement of the EU General Data Protection Regulation (GDPR). The EC invites companies to give feedback on the Initiative by March 24, 2023.… Continue Reading

EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework

Since the invalidation of the Privacy Shield framework in 2020 in the “Schrems II” case, the EU and the U.S. have been working to set up a new framework for data flows from the EU to the U.S. A draft of a new “Data Privacy Framework” (DPF), which is designed to serve as the basis … Continue Reading

DSA: European Commission Publishes Guidance on Requirement to Publish User Numbers Ahead of February 17, 2023, Deadline

On February 1, 2023, the European Commission (EC) published Guidance on the requirement to publish user numbers under the Digital Services Act (DSA).1 The Guidance contains important information for providers of online platforms and online search engines that are required to publish the average monthly number of recipients of their service by February 17, 2023.… Continue Reading

FTC Announces First Enforcement Action Under the Health Breach Notification Rule Against GoodRx

On February 1, 2023, the Federal Trade Commission (FTC) announced a complaint against and proposed settlement agreement (the “proposed order”) with GoodRx, a digital health company, over its data sharing practices that allegedly resulted in the disclosure of sensitive health information to third-parties. This is the first enforcement action the FTC has ever brought under the … Continue Reading

Colorado Attorney General’s Office Releases Third Version of Draft Rules for Colorado Privacy Act: Key Takeaways

On January 27, 2023, the Colorado Attorney General’s (Colorado AG) office released the third version of its proposed draft rules (third draft) for the Colorado Privacy Act (ColoPA) based on public comments it received on the modified proposed rules published on December 21, 2022 (second draft).1 During a February 1, 2023, rulemaking hearing, the Colorado AG’s office emphasized that it … Continue Reading

Preparing for the UK Online Safety Bill: A Focus on Protecting Children

The UK Online Safety Bill (OSB or the Bill) cleared an important hurdle in January 2023 after passing its third reading in parliament. The Bill was first published in May 2021 and has been subject to intense scrutiny. If enacted, it will place extensive obligations on providers of search engines and online platforms that enable … Continue Reading

California AG Targets Mobile Apps for Failing to Honor or Provide Mechanism for Opt-Out Requests

On January 27, 2023, the California Attorney General (California AG) Rob Bonta announced an “investigative sweep” of mobile apps in retail, travel, and food service industries for failing to provide a mechanism for—or honor—consumers’ opt-out requests to stop selling their data under the California Consumer Privacy Act (CCPA). According to the California AG’s tweet, the … Continue Reading

CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests

On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled1 that the data subject’s right of access to personal data2 requires controllers to provide the data subject with the identity of the companies that they have shared or will share data with. This is a sharp departure from current market practice since many … Continue Reading

Colorado Attorney General’s Office Releases Modified Draft Rules for Colorado Privacy Act: Key Takeaways

On December 21, 2022, the Colorado Attorney General’s office published an updated version of proposed draft rules (“modified draft rules”) to the Colorado Privacy Act (ColoPA), which revise the initial draft rules issued in October 2022, based on feedback received during the prior comment period.1 Notably, the Colorado Attorney General’s office explained that it modified some of the rules to … Continue Reading

2023 U.S. Cybersecurity Predictions

Given that cyberattacks continue to be sophisticated and severe, and cybersecurity continues to be a top concern for regulators, consumers, business partners, and investors, companies should be proactive and devote adequate resources to their security practices and incident response. In addition to the litigation and reputational risks that companies face if they are perceived as … Continue Reading

2023 U.S. Privacy Regulatory Predictions

The year 2023 promises to be another big year for privacy. In 2022, regulators focused on AI, dark patterns and aggressive remedies for allegedly deceptive and unfair data practices, such as disgorgement of algorithms developed through ill-gotten data, and these trends are likely to continue. Privacy professionals continue to focus on the privacy laws in five states coming into … Continue Reading

Council of the EU Proposes Amendments to Draft AI Act

On December 6, 2022, the European Union’s (EU) Regulation on Artificial Intelligence (AI Act) progressed one step towards becoming law when the Council of the EU (the Council) adopted their amendments to the draft act (Council General Approach). The European Parliament (Parliament) must now finalize their common position before interinstitutional negotiations can begin.… Continue Reading

EU Introduces Legislative Proposal to Collect Data from Short-Term Accommodation Platforms

On November 7, 2022, the European Commission (EC) published its proposal for a regulation on data collection and sharing for short-term accommodation rental services (proposal). The proposal includes data sharing and website design requirements for online platforms providing short-term accommodation rental services. It also prompts EU countries to create a harmonized registration process for hosts providing such … Continue Reading

UK Government Publishes New Code of Practice for App Store Operators and App Developers

On December 9, 2022, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published a voluntary Code of Practice for App Store Operators and App Developers (Code). The Code sets out eight core principles to be followed by in-scope entities and is intended to help protect end users from malicious and poorly designed … Continue Reading

Some Light Holiday Reading: Draft Procedural Guidance on the EU’s Digital Market Act Open for Consultation

On December 9, 2022, the European Commission (EC) published its draft Digital Markets Act (DMA) Implementing Regulation, which will be open for public comment until January 6, 2023. The package is designed to give guidance on the practical aspects of gatekeeper designation and sets out the information required from gatekeepers and their procedural rights. The … Continue Reading

FTC Extends Deadline to Comply with the Updated Safeguards Rule Until June 9, 2023

On November 15, 2022, the Federal Trade Commission (FTC) announced it is extending the deadline for covered financial institutions to comply with the updated Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) by six months. The FTC originally published updates to the Safeguards Rule in October 2021. Under the updated rule, covered financial institutions had until … Continue Reading

California Privacy Protection Agency Releases Modified Proposed CPRA Regulations: An In-Depth Analysis

Written Comments Due by November 21 On November 3, 2022, the California Privacy Protection Agency (CPPA, or the Agency) issued modified proposed regulations implementing the California Privacy Rights Act (CPRA),[1] which revise the initial proposed regulations released on July 8, 2022. The Agency’s Notice of Modifications to Text of Proposed Regulations triggers a 15-day public … Continue Reading

EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations

On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation. In his Opinion (Opinion), Advocate General (AG) Athanasios Rantos of the EU’s Court of Justice (CJEU) noted that competition authorities do not have … Continue Reading

FTC Settles Allegations of Data Security Failures with Edtech Company Chegg

On October 31, 2022, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Chegg, an edtech company, over its security practices that resulted in four security breaches in three years. The commissioners unanimously voted to approve the proposed order. The case follows the FTC’s announcement earlier this year that it would scrutinize the … Continue Reading
LexBlog