Archives: Privacy

Subscribe to Privacy RSS Feed

Into the Final Stretch: Six Gatekeepers Confirmed Under the EU’s Digital Markets Acts

On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and published a Q&A document. The six companies are predominantly American, with one Asian company represented and no European: Alphabet, Amazon, Apple, … Continue Reading

Missteps in Mixing EU Data Protection and Competition Law: A Call for Boundaries

On June 21, 2023, a request for a preliminary ruling on the scope of the term “undertaking” in Article 83(4) to (6) of the General Data Protection Regulation (GDPR) was lodged with the Court of Justice of the EU (CJEU). This concept is critical for companies facing enforcement action as it is used as a … Continue Reading

CPPA Posts Draft Rules on Cybersecurity Audits and Risk Assessments

Significant New CCPA Compliance Requirements Likely on the Way On August 29, 2023, the California Privacy Protection Agency (CPPA) posted discussion drafts of its forthcoming regulations on cybersecurity audits and risk assessments as part of the materials for its September 8, 2023, public board meeting. These draft regulations are expected to eventually become part of … Continue Reading

UK Regulators Signal Increased Focus on “Damaging” Website Design Practices

On August 9, 2023, the UK’s Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) released a joint position paper (the Paper) focused on “harmful” website design practices that may “trick” consumers into giving more access to their personal information. The Paper is targeted at web designers and developers, and it will be particularly … Continue Reading

OCR and FTC Issue Joint Letter to Healthcare Companies Warning About Online Tracking Technologies

On July 20, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to approximately 130 hospitals, telehealth providers, health app developers, and other healthcare industry companies warning of the “serious privacy and security risks” related to the use of online tracking … Continue Reading

Texas, Oregon, and Delaware Join the Comprehensive U.S. State Privacy Law Landscape

New Requirements Include Identifying Specific Third Parties to Whom Businesses Disclose Data and Consent for Targeted Advertising to Teens Texas, Oregon, and Delaware are the latest states to join the growing landscape of comprehensive data privacy laws, adding to the many state privacy laws that were passed this year.1 On June 18, 2023, Governor Greg Abbott … Continue Reading

UK Privacy Regulator Continues to Focus on Children’s Privacy

Updated Guidance for Edtech Providers The UK Privacy Regulator (ICO) recently updated its guidance on privacy compliance for providers of education technologies (Edtech). This should be seen as a call to action for Edtech providers to ensure their privacy compliance program is fully up to date. This blog post sets out key elements of the … Continue Reading

EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified

On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. … Continue Reading

What’s in a Review? The FTC’s Updated Endorsement Guides and Proposed New Rule on Consumer Reviews

In late June 2023, the Federal Trade Commission (FTC) announced revised Endorsement Guides to strengthen and clarify guidance for advertisers and address emerging market trends concerning the use of endorsements and testimonials in advertising. The FTC also announced a proposed rule banning fake reviews and testimonials.… Continue Reading

EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations

In a landmark judgment issued on July 4, 2023, the European top court, the Court of Justice (ECJ), ruled that competition authorities in the EU can consider a company’s compliance with the EU’s data protection rules when assessing whether it abused its dominant position. In addition, the ECJ ruled on important General Data Protection Regulation … Continue Reading

European Commission Proposes New Rules on Financial Data Access and Use

On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the financial data they hold with other players in the finance industry (e.g., fintech companies). Customers of financial institutions will be able to … Continue Reading

FTC Announces Proposed Settlement with 1Health.io Genetic Testing Firm for Privacy and Security Violations

On June 16, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (in the form of a stipulated order) with genetic testing company Vitagene, Inc., now known as 1Health.io (1Health.io), for allegedly misrepresenting its security and privacy practices regarding its data storage, deletion, and usage. The FTC also alleged that the company unfairly changed material … Continue Reading

European Commission Proposes New Rules for Cross Border GDPR Enforcement

On July 4, 2023, the European Commission (EC) published its proposal for a regulation laying down additional procedural rules for the enforcement of the EU General Data Protection Regulation (GDPR) (proposal). The proposal focuses on procedural issues relating to handling complaints and conducting investigations in cross-border cases.1 The proposal adds to the procedural rules laid down in the … Continue Reading

Sacramento Superior Court Delays Enforcement of CPRA Implementing Regulations

In a shocking turn of events, a Superior Court for the County of Sacramento issued a ruling on June 30, 2023, enjoining the enforcement of the California Privacy Protection Agency’s (the “Agency’s”) California Privacy Rights Act (CPRA) modifications to the California Consumer Privacy Act (CCPA) regulations until one year after the regulations have been finalized. … Continue Reading

SEC Adjusts Anticipated Action Date for Publication of Final Rules for Cybersecurity Reporting and Enhanced Standardized Disclosure

Earlier this month, the U.S. Securities and Exchange Commission’s (SEC) 2023 Spring Unified Agenda of Regulatory and Deregulatory Actions was released. The agenda identifies the rules that the agency expects to consider in the next 12 months and includes an anticipated action date for finalizing rules for cybersecurity disclosure by public companies by October 2023. … Continue Reading

FTC Alleges Amazon Prime Subscription and Cancellation Screens Violate Federal Law

The recent suit filed by the Federal Trade Commission (FTC) represents the latest guidance in the rapidly evolving patchwork of federal and state laws that govern online subscription models. Any company offering subscription services should take note. In addition to increased activity by federal and state regulators regarding subscription services, plaintiff firms representing consumers remain … Continue Reading

Are You Ready for the 3Cs?: California, Colorado, and Connecticut’s New Privacy Laws Become Enforceable July 1, 2023

On July 1, 2023, the Colorado Privacy Act (ColoPA) and Connecticut Data Privacy Act (CTDPA) will go into effect, joining California and Virginia, whose data privacy laws are already in effect. Notably, while the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) went into effect on January 1, 2023, those amendments will also become enforceable starting … Continue Reading

UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data

On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of personal data between the two countries (the “Data Bridge”).… Continue Reading

Texas Joins Other States in Enacting Social Media Law for Minors

On June 13, 2023, Texas Governor Greg Abbott signed the Securing Children Online through Parental Empowerment Act (HB 18) (SCOPE Act). With this signing, Texas joins Utah and Arkansas in regulating social media and its impact on minors and their mental health. The SCOPE Act requires covered “digital service providers” to provide minors with certain data protections, prevent minors from accessing … Continue Reading

Europe Prepares for a New Era in AI Regulation

In Europe, recent advances in artificial intelligence (AI) have given rise to intense debate over how this technology should be regulated. Companies that have developed AI tools, or who are considering implementing AI, should assess the implications of recent legislative developments and regulatory action. This alert discusses the most recent legislative and regulatory developments in … Continue Reading

Meta Receives Record 1.2 Billion EUR Fine and Is Ordered to Suspend Its EU-U.S. Data Transfers

On May 22, 2023, Ireland’s Data Protection Commission (DPC) published its long-awaited decision in the Meta EU-U.S. data transfer case (Decision). In its landmark Decision, the DPC imposed a record 1.2 billion EUR fine and ordered Meta Platforms Ireland Limited (Meta) to suspend any EU-U.S. transfers of personal data within approximately five months. Meta was … Continue Reading
LexBlog