Since the invalidation of the Privacy Shield framework in 2020 in the “Schrems II” case, the EU and the U.S. have been working to set up a new framework for data flows from

Continue Reading EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework

On January 27, 2023, the California Attorney General (California AG) Rob Bonta announced an “investigative sweep” of mobile apps in retail, travel, and food service industries for failing to provide a mechanism for—or honor—consumers’ opt-out

Continue Reading California AG Targets Mobile Apps for Failing to Honor or Provide Mechanism for Opt-Out Requests

On August 11, 2022, the Federal Trade Commission (FTC) took the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy. The agency unveiled an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions, ranging from topics such as targeted advertising, security of personal information, algorithmic discrimination, and protection of children and teens. Comments are due within 60 days of publication of the ANPRM in the Federal Register. The ANPRM was issued with a 3-2 vote along party lines. This alert attempts to answer some key questions about the announcement.
Continue Reading The FTC Privacy Rulemaking: What’s Next?

On June 3, 2022, members of the U.S. Congress released a bipartisan, bicameral discussion draft of a comprehensive national data privacy and data security framework. The draft is notable in that it reflects a compromise on the two issues that have for years vexed lawmakers angling for federal privacy legislation: preemption and private right of action. The House Energy and Commerce Committee has announced a hearing for June 14 to discuss the draft.

The discussion draft has become widely known as the “three corners” bill, because it has the support of three of the four “corners” of the relevant committees: the Chair and Ranking Member of the House Energy and Commerce Committee and the Ranking Member of the Senate Commerce Committee. Notably, the fourth “corner,” Senate Commerce Committee Chair Maria Cantwell, is circulating her own draft.[1] While there are similarities between the two drafts, the differences reflect the likely sticking points among the negotiators.Continue Reading Privacy Legislation Update: The “Three Corners” Bill and the Cantwell Draft

Last week, the Federal Trade Commission (FTC) and the District Attorneys of Los Angeles County and Riverside County agreed to an order to settle claims against Frontier Communications Intermediate, LLC and its parent company, Frontier Communications Parent, Inc. (collectively, Frontier). The plaintiffs alleged that Frontier promised internet speeds that Frontier did not deliver. The order, approved by all Commissioners, contains far-reaching and, in some cases, novel relief, including an $8.5 million penalty, a requirement for customer-by-customer substantiation, an absolute prohibition on signing up of certain new customers, and a mandated $50-60 million investment in new technology.
Continue Reading FTC Takes Aggressive Action Against Internet Service Provider for Misrepresenting Internet Speeds

On May 20, 2021, the Belgian Supervisory Authority (Belgian SA) approved the EU Cloud Code of Conduct (EU Cloud CoC).[1] This is the first time that a Supervisory Authority has approved a transnational, industry-wide code of conduct under the General Data Protection Regulation (GDPR).[2] Cloud service providers (CSPs) will be able to rely on their adherence to the code to demonstrate compliance with the GDPR as a data processor. Although the EU Cloud CoC does not yet qualify as an appropriate safeguard for international data transfers, a separate module is currently under discussion and should, when adopted, accommodate such transfers.
Continue Reading Belgian DPA Approves Code of Conduct for the Cloud Industry