On October 24, 2022, the Federal Trade Commission (FTC) announced a proposed consent order against Drizly and its CEO, James Cory Rellas, over the online alcohol marketplace company’s data breach incident in 2020, which exposed
Continue Reading FTC Announces Settlement with Drizly; Complaint Names CEO in His Individual Capacity
On October 10, 2022, the Colorado Secretary of State published draft rules for the Colorado Privacy Act (ColoPA) in the Colorado Register, thus initiating a public comment period that will run through February 1, 2023.
Continue Reading Colorado Attorney General Issues Draft Rules for the Colorado Privacy Act
On October 12, 2022, the EU Digital Markets Act (DMA) was published in the Official Journal of the European Union (see here), giving clarity as to when the new rules will apply. The DMA will enter into force on November 1, 2022, and it will become fully applicable in May 2023. At that point, the gatekeeper designation process will start, and once designated, gatekeepers will have six months to comply with the DMA. This means that the DMA will only be fully enforceable against companies in spring 2024, likely around March.
Continue Reading Formal Publication of the DMA and Timelines for Compliance
On October 7, 2022, President Biden signed an Executive Order (Order) on Enhancing Safeguards for United States Signals Intelligence Activities. This marks the latest step towards the new EU-U.S. Data Privacy Framework (Framework), a replacement
Continue Reading President Biden Signs Executive Order to Implement the New EU-U.S. Data Privacy Framework
On September 15, 2022, the European Commission (EC) published a Proposal for a Cyber Resilience Act (CRA Proposal) that sets out new rules in the European Union (EU) for software and hardware products and their remote data processing solutions. The CRA Proposal introduces mandatory cybersecurity-related requirements and reporting obligations, including about product vulnerabilities, for manufacturers, importers, and distributors of such products. The potential sanctions include product withdrawal from the EU market and fines of up to EUR 15 million or 2.5 percent of total worldwide annual turnover for the preceding year.
Continue Reading European Commission Proposes New EU Cybersecurity Rules for Software and Hardware Products
On September 15, 2022, the Federal Trade Commission (FTC) held an open Commission meeting that covered three agenda items: 1) a rulemaking on impersonation scams, 2) a policy statement on enforcement related to gig work, and 3) a staff report on dark patterns. While items (1) and (3) moved forward with a bipartisan 5-0 vote, the policy statement on the gig economy was adopted with a 3-2 vote along party lines. This alert provides some insight into the implications for future FTC activity in these areas.
Continue Reading Gig Economy, Dark Patterns, and Impersonation Scams: FTC Signals Priorities in Open Commission Meeting