Privacy

Subscribe to Privacy via RSS

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:

Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).

Continue Reading EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment

On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.

Continue Reading California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

In October 2024, the UK government introduced the Data (Use and Access) Bill (the Data Bill) to Parliament. The Data Bill represents a third attempt by UK ministers to bring about reforms to the UK’s data protection and ePrivacy regimes. If enacted, the Data Bill will introduce changes to the existing regime, including by reducing restrictions on automated decision-making and enhancing powers for the UK’s privacy regulator. It will also lay the groundwork for new “Smart Data” schemes, which will in future require companies operating in certain industries to share data with authorized and regulated third parties.

Continue Reading UK Brings Forward Bill to Reform UK Privacy Laws

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited final rule on “Personal Financial Data Rights” (the Final Rule). The Final Rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. For an analysis of the proposed rule, please see our analysis here.

Continue Reading CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies

In recent months, politicians and regulators across a number of jurisdictions have called on operators of online platforms to take seriously their legal obligations to promote a safe online environment. The safety of children online has continued to dominate this conversation, with a recent joint UK-U.S. statement (Statement) declaring that online platforms should “go further and faster in their efforts to protect children.”

This alert sets out the regulatory focus areas of the European Commission (EC), the Irish Coimisiún na Meán (CNAM), and the UK’s online safety regulator Ofcom.

Continue Reading Regulators in Europe Signal Increased Scrutiny of Online Platforms