Privacy

Subscribe to Privacy via RSS

Last week, the Federal Trade Commission (FTC) announced a proposed rule that would regulate a broad range of “junk fees” in consumer goods and services, from resort fees associated with travel and lodging, to delivery fees associated with meal and grocery delivery, to convenience fees associated with financial services (the proposed rule). The proposed rule would generally prohibit the omission of mandatory fees from advertised prices. If finalized, violations of the proposed rule could result in civil penalties of up to $50,120 per violation. The public has 60 days to comment after the proposal is published in the Federal Register.Continue Reading FTC Seeks Comments on Proposed Rule Requiring Disclosure of Fees in Consumer Goods and Services

The Online Safety Bill (OSB or Bill) passed its final reading in the UK’s Parliament in September 2023. The Bill will become law in the coming weeks, ushering in a new era for the regulation of digital services in the UK. Online platforms and search services that fall within the scope of the legislation will be subject to proactive content risk assessment and mitigation duties oriented at protecting users, regardless of where those services are established. The Bill has attracted considerable media attention due to its anticipated impact on the operation of online services in the UK, as well as the potential for it to interfere with freedom of speech.Continue Reading Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?

On September 21, 2023, the UK Government announced the establishment of the “UK-US data bridge” (the Bridge), also known as the UK Extension to the EU-U.S. Data Privacy Framework (the DPF). The announcement promises to simplify compliance issues surrounding the transfer of personal data from the UK to the U.S.Continue Reading UK-U.S. Data Bridge Commencement Date Announced

On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and

Continue Reading Into the Final Stretch: Six Gatekeepers Confirmed Under the EU’s Digital Markets Acts

On June 21, 2023, a request for a preliminary ruling on the scope of the term “undertaking” in Article 83(4) to (6) of the General Data Protection Regulation (GDPR) was lodged with the Court of Justice of the EU (CJEU). This concept is critical for companies facing enforcement action as it is used as a reference point to determine the cap for GDPR fines.Continue Reading Missteps in Mixing EU Data Protection and Competition Law: A Call for Boundaries

Significant New CCPA Compliance Requirements Likely on the Way

On August 29, 2023, the California Privacy Protection Agency (CPPA) posted discussion drafts of its forthcoming regulations on cybersecurity audits and risk assessments as part of the materials for its September 8, 2023, public board meeting. These draft regulations are expected to eventually become part of the CPPA’s second rulemaking package under the California Consumer Privacy Act (CCPA) since the CCPA’s amendment by the California Privacy Rights Act. The CPPA has not yet started its formal rulemaking process for cybersecurity audits and risk assessments, and it has made clear that these draft regulations are meant to facilitate CPPA Board discussion and public participation. Nevertheless, the obligations set forth in the draft rules are extensive and provide an initial window into the onerous new compliance requirements. Notable requirements put forth for discussion under the draft regulations include:Continue Reading CPPA Posts Draft Rules on Cybersecurity Audits and Risk Assessments