Privacy

Subscribe to Privacy via RSS

In late June 2023, the Federal Trade Commission (FTC) announced revised Endorsement Guides to strengthen and clarify guidance for advertisers and address emerging market trends concerning the use of endorsements and testimonials in advertising. The FTC also announced a proposed rule banning fake reviews and testimonials.Continue Reading What’s in a Review? The FTC’s Updated Endorsement Guides and Proposed New Rule on Consumer Reviews

In a landmark judgment issued on July 4, 2023, the European top court, the Court of Justice (ECJ), ruled that competition authorities in the EU can consider a company’s compliance with the EU’s data protection rules when assessing whether it abused its dominant position. In addition, the ECJ ruled on important General Data Protection Regulation (GDPR) clarifications on the legal bases for personalized advertising.

The judgment sets out how competition agencies should cooperate with data protection agencies when conducting competition investigations involving the consideration of whether a company’s data collection and processing practices comply with EU data protection rules.Continue Reading EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations

On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the financial data they hold with other players in the finance industry (e.g., fintech companies). Customers of financial institutions will be able to control i) which data is shared, ii) with whom, iii) for what purpose, and iv) for how long. If adopted, FIDA will further liberalize financial data sharing in the EU.Continue Reading European Commission Proposes New Rules on Financial Data Access and Use

On June 16, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (in the form of a stipulated order) with genetic testing company Vitagene, Inc., now known as 1Health.io (1Health.io), for allegedly misrepresenting its security and privacy practices regarding its data storage, deletion, and usage. The FTC also alleged that the company unfairly changed material privacy policy disclosures without obtaining affirmative consumer consent.Continue Reading FTC Announces Proposed Settlement with 1Health.io Genetic Testing Firm for Privacy and Security Violations

On July 4, 2023, the European Commission (EC) published its proposal for a regulation laying down additional procedural rules for the enforcement of the EU General Data Protection Regulation (GDPR) (proposal). The proposal focuses on procedural issues relating to handling complaints and conducting investigations in cross-border cases.1 The proposal adds to the procedural rules laid down in the GDPR and addresses certain practical issues and gaps. In particular, the proposal harmonizes at an EU-level the rules on complaint admissibility, strengthens due process rights for complainants and defendants, and streamlines cooperation between supervisory authorities (SAs, i.e., national data protection authorities or DPAs). If it is eventually enacted, the proposal would be of considerable importance in facilitating the enforcement of the GDPR in cross-border cases.Continue Reading European Commission Proposes New Rules for Cross Border GDPR Enforcement

In a shocking turn of events, a Superior Court for the County of Sacramento issued a ruling on June 30, 2023, enjoining the enforcement of the California Privacy Protection Agency’s (the “Agency’s”) California Privacy Rights Act (CPRA) modifications to the California Consumer Privacy Act (CCPA) regulations until one year after the regulations have been finalized. We previously issued an alert reminding businesses that the CPRA amendments to the CCPA become enforceable starting July 1, 2023, but, in accordance with the court’s ruling, the Agency’s recent modifications to the CCPA regulations to account for the CPRA’s changes to the CCPA now will not become enforceable until March 29, 2024. Per the court’s ruling, the prior CCPA regulations will remain in effect until the new regulations become enforceable.Continue Reading Sacramento Superior Court Delays Enforcement of CPRA Implementing Regulations