On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates (together, “regulated entities”). While the updated guidance from OCR seems intended to clarify, and even narrow, the circumstances under which regulated entities’ use of websites and mobile app tracking technologies constitutes a disclosure of Protected Health Information (PHI), it fails to provide clarity on the exact scope, rendering compliance challenging. We summarize the updates to the guidance below and analyze briefly how these updates may impact the use of tracking technologies on unauthenticated and authenticated webpages, and what companies may explore in terms of compliance.

Continue Reading: OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities

On March 13, 2024, the European Parliament (EP) approved the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act). Following this vote, the text will be sent to the Council of the EU (Council) for formal approval, after which the AI Act will officially become law. Once the AI Act starts to apply, it will introduce a swathe of new obligations for companies providing and using AI systems and general-purpose AI (GPAI) models in the EU, subject to hefty fines of up to EUR 35 million or seven percent of the total worldwide annual turnover, whichever is higher.

Continue Reading: The EU AI Act Passes Another Hurdle Towards Becoming Law

On February 28, 2024, the UK’s Information Commissioner (commissioner) confirmed that the regulator’s focus areas in 2024 will include artificial intelligence (AI), cookies, biometrics, and children’s privacy.

Continue Reading: UK Privacy Regulator to Focus on AI, Cookies, Biometrics, and Children’s Privacy, and Consult on “Consent or Pay” Models

On February 13, 2024, New York Attorney General Letitia James and New York State Education Department (NYSED) Commissioner Betty A. Rosa announced a settlement with College Board to resolve allegations that College Board violated New York Education Law § 2-d, the state’s student privacy law.

Continue Reading: Time to Hit the Books for Student Privacy Compliance: College Board Agrees to Pay $750K for N.Y. Student Privacy Violations

On February 9, 2024, the California Third District Court of Appeals in Sacramento overturned a lower court order that postponed enforcement of the California Privacy Protection Agency’s (CPPA) newest rules. The decision restores the authority of the CPPA and California Attorney General to enforce the latest regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) (“updated CCPA regulations”).

Continue Reading: California Appeals Court Moves Up Enforcement Date for Latest CCPA Regulations