Privacy

The EU’s AI Act Starts to Apply as of February 2, 2025

By Laura De Boel, Maneesha Mithal, Matthew Nuding & Jessica O'Neill on January 31, 2025

Posted in Cybersecurity, European Union, Privacy, Regulatory

On February 2, 2025, the European Union’s (EU) Artificial Intelligence Act (AI Act) will start to apply in phases. This alert summarizes the new obligations that will apply as of February 2, 2025. It also indicates when companies can expect the first enforcement actions, and what the enforcement regime will look like. For more information about the scope and requirements of the AI Act, please see our 10 Things You Should Know About the EU AI Act.Continue Reading The EU’s AI Act Starts to Apply as of February 2, 2025

New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

By Libby Weingarten, Tracy Shapiro & Rebecca Weitzel Garcia on January 29, 2025

Posted in Privacy

Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level, the COPPA Rule requires websites or online services to provide notice and obtain verifiable parental consent before collecting information from children under the age of 13. The Rule’s amendments slightly expand the Rule’s scope, change the previous notice and consent provisions, and implement new data security requirements. Violations of the Rule would be subject to $53,088 in civil penalties per violation.Continue Reading New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now

By Nikolaos Theodorakis, Tom Evans, Claudia Chan & Matthew Nuding on January 23, 2025

Posted in Privacy

In the last month, Ofcom, the regulator tasked with enforcing the UK’s Online Safety Act (OSA), has published guidance enacting requirements under the OSA to carry out illegal harms risk assessments and children’s access assessments. Providers of in-scope services must document an illegal harms risk assessment by March 16, 2025, and a children’s access assessment by April 16, 2025. This alert outlines the steps that in-scope services must take to prepare for these deadlines. For more information on the OSA and its phased implementation, refer to our previous blog post here. Continue Reading The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now

HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

By Tracy Shapiro, Haley Bavasi, Demian Ahn & Colin Black on January 14, 2025

Posted in Privacy

Overview

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The Proposed Rule was published in the Federal Register for comment on January 6, 2025. It aims to strengthen the security and privacy of electronic protected health information (ePHI) in response to the evolving threat landscape and emerging technological challenges. If finalized as proposed, the Proposed Rule will have significant implications for healthcare organizations, their business associates, and other entities subject to HIPAA compliance requirements (the “regulated entities”). This alert represents the first in a multipart series outlining the most pertinent of the proposed rules and the potential implications for regulated entities.Continue Reading HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

By Marie Catherine Ducharme, Yann Padova, Cédric Burton & Tom Evans on January 9, 2025

Posted in Privacy

Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.Continue Reading Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

By Maneesha Mithal, Christopher Olsen, Demian Ahn & Rebecca Weitzel Garcia on January 7, 2025

Posted in Privacy

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

The Data Advisor

Privacy

The EU’s AI Act Starts to Apply as of February 2, 2025

New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now

HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE