NYDFS Escalates and Expands Cybersecurity Enforcement

On October 18, 2022, the New York Department of Financial Services (“NYDFS”) announced the execution of its sixth consent order for alleged violations of Cybersecurity Regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations (“Part 500”).  This latest settlement imposes a $4.5 million fine on…

Read More

A Long-Awaited Privacy Measure Finally Becomes Law in Indonesia

Indonesia joins its Southeast Asian neighbors, Singapore, Malaysia, Thailand, and the Philippines, with its adoption of a comprehensive data protection law. The new measure, the Personal Data Protection Law (“PDPL”), which appears to have taken inspiration from the European General Data Protection Regulation (“GDPR”) was long anticipated after the various…

Read More

California Lawmakers Pass The Transformative Age Appropriate Design Code Act

California lawmakers passed a new potentially transformative children’s privacy law. The new measure, the California Age-Appropriate Design Code Act (“CAADCA” or “Act”), establishes a comprehensive framework that requires businesses to prioritize the “best interests of the child” when designing, developing, and providing online services such as websites, online video games…

Read More

President Biden Signs “Privacy Shield” Executive Order to Address European Concerns Over Surveillance Practices in the United States

UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…

Read More

The Sephora Case: Do Not Sell - But Are You Selling?

Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…

Read More

Rulings Awaited Against Both Criteo and IAB Europe: Ongoing Uncertainty for Digital Advertising

On August 5, 2022 news broke that the French Data Protection Authority (“CNIL”) proposes fining adtech company Criteo €60 million for undisclosed GDPR violations as part of an ongoing investigation opened by the CNIL in 2020. The investigation followed a 2018 complaint by the privacy NGO Privacy International against Criteo…

Read More

Congress Seeks to Protect Children by Allowing Parents and Regulators Access to What Minors Post and View on Social Media

After years of public concern regarding the safety of children on social media platforms, today there is bipartisan congressional support for multiple pieces of legislation that would shift more of the burden and liability of keeping minors safe online to the social media platforms. These laws would mandate that social…

Read More

FTC Announces Advanced Notice of Proposed Rulemaking on Privacy and Data Security

On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…

Read More

New EU Rules for Data Access and Sharing: What You Need to Know

On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…

Read More