Data Privacy Day 2024: What’s Hot in Privacy? Everything

This year, Data Privacy Day, January 28, fell on a Sunday, allowing us extra time to contemplate – between NFL championship games – the top ten things to keep your eyes on in US privacy in 2024. The coming year will continue to feature a dizzying pace of developments, including…

Read More

New Jersey Privacy Law Helps Expand US Consumer Privacy System

On Jan. 16, New Jersey Gov. Phil Murphy (D) signed the New Jersey Data Privacy Act into law. Its passage makes New Jersey the 14th state to adopt a comprehensive consumer data privacy law. Given the NJDPA’s nuances compared to other current state privacy laws, companies subject to the New Jersey law will have…

Read More

Goodwin’s 2024 Data, Privacy & Cybersecurity Outlook

As we kick off 2024, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. Will AI continue to be the trendsetter, even among privacy regulators? And what will businesses do to keep up to date with all emerging laws,…

Read More

CJEU ADM Decision Casts Wide Net Over Credit Scoring Agencies

On December 7, 2023, the Court of Justice of the European Union (“CJEU”) delivered a landmark decision against SCHUFA Holding AG (“SCHUFA”) that will likely impact how the EU General Data Protection Regulation (“GDPR”) applies to credit scoring agencies. In the decision, OQ v. Land Hessen, the CJEU decided that…

Read More

Delaware Personal Data Privacy Act: What Businesses Need to Know

On September 11, 2023, Delaware Governor John Carney signed House Bill No. 154, referred to as the Delaware Personal Data Privacy Act (DPDPA), into law. With the passage of the DPDPA, Delaware became the thirteenth state to adopt a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA…

Read More

EU Court of Justice Confirms GDPR Security Measures Can Be “Appropriate” Even If Not Foolproof

On December 14, 2023, the EU Court of Justice (“CJEU”) issued its first ever ruling on the scope of data security requirements under the GDPR. In VB v. NAP, the CJEU held that an organization is not liable for a security breach unless it failed to implement appropriate security measures….

Read More

October Cybersecurity Awareness Month Closes Out With Notable Changes in U.S. Regulation: New FTC Safeguards and NYDFS Cybersecurity Requirements Revealed

The cybersecurity world is ablaze as recent developments demonstrate an increased expectation of accountability and competence in the space. This trend is unsurprising given high-profile cyber-attacks coupled with advances in artificial intelligence (AI).  In fact, days after releasing the Administration’s Executive Order on the Safe, Secure, and Trustworthy Development and…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of October 30, 2023

Case Law Updates and Fines On May 29, 2023, the Hellenic Data Protection Authority (HDPA) published Decision No. 20/2023, in which it fined WIND Hellas Telecommunications S.A. (now NOVA Telecommunications & Media Monoprosopi SA) €150,000, for violations of the General Data Protection Regulation (GDPR), following a complaint. You can read the press release here and the…

Read More