privacy

Subscribe to privacy via RSS

On July 20, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to approximately 130 hospitals, telehealth providers, health app developers, and other healthcare industry companies warning of the “serious privacy and security risks” related to the use of online tracking technologies integrated into their websites and mobile apps. The FTC released a press release about the joint letter here and OCR released a press release about the joint letter here.Continue Reading OCR and FTC Issue Joint Letter to Healthcare Companies Warning About Online Tracking Technologies

New Requirements Include Identifying Specific Third Parties to Whom Businesses Disclose Data and Consent for Targeted Advertising to Teens

Texas, Oregon, and Delaware are the latest states to join the growing landscape of comprehensive data privacy laws, adding to the many state privacy laws that were passed this year.1 On June 18, 2023, Governor Greg Abbott signed the Texas Data Privacy and Security Act. On July 18, 2023, Governor Tina Kotek signed Oregon Senate Bill 619, referred to as the Oregon Consumer Privacy Act. Similarly, on June 30, 2023, the Delaware legislature passed the Delaware Personal Data Privacy Act. In doing so, Texas and Oregon officially became the 10th and 11th states, respectively, to enact a comprehensive privacy law. Assuming Governor John Carney also signs the Delaware Personal Data Privacy Act, his state would join as the 12th with that status. All three of the most recent laws are substantially similar to the prior state comprehensive consumer privacy laws, but they each include some key particularities that companies should be aware of as they plan their compliance strategies.Continue Reading Texas, Oregon, and Delaware Join the Comprehensive U.S. State Privacy Law Landscape

On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified

Midnight on July 3, 2023, heralded the deadline for potential gatekeepers to notify the European Commission (EC) as to whether they meet the thresholds for gatekeepers set out in Article 3 of the Digital Markets Act (DMA).Continue Reading The Final Countdown: Designation of Digital Platforms Under the EU’s Digital Markets Act Formally Underway

In a landmark judgment issued on July 4, 2023, the European top court, the Court of Justice (ECJ), ruled that competition authorities in the EU can consider a company’s compliance with the EU’s data protection rules when assessing whether it abused its dominant position. In addition, the ECJ ruled on important General Data Protection Regulation (GDPR) clarifications on the legal bases for personalized advertising.

The judgment sets out how competition agencies should cooperate with data protection agencies when conducting competition investigations involving the consideration of whether a company’s data collection and processing practices comply with EU data protection rules.Continue Reading EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations