Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town. On July 1, Texas’ Data Privacy and Security Act goes into effect as one of the strongest…
On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York…
The European Council and European Parliament have reached a provisional agreement on the European Health Data Space (“EHDS”). See our recent article on the draft text – Shaping the Future: the European Health Data Space. The main objectives of the EHDS is to improve individual access and control over patient…
The European Commission published a proposal on 03 May 2022 for a regulation to create a European Health Data Space (“EHDS”). This proposed EU regulation establishes a health-specific ecosystem of rules, common standards and practices, infrastructures, and a governance framework, which processes a wide range of electronic health data and…
This year, Data Privacy Day, January 28, fell on a Sunday, allowing us extra time to contemplate – between NFL championship games – the top ten things to keep your eyes on in US privacy in 2024. The coming year will continue to feature a dizzying pace of developments, including…
On Jan. 16, New Jersey Gov. Phil Murphy (D) signed the New Jersey Data Privacy Act into law. Its passage makes New Jersey the 14th state to adopt a comprehensive consumer data privacy law. Given the NJDPA’s nuances compared to other current state privacy laws, companies subject to the New Jersey law will have…
As we kick off 2024, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. Will AI continue to be the trendsetter, even among privacy regulators? And what will businesses do to keep up to date with all emerging laws,…
On December 7, 2023, the Court of Justice of the European Union (“CJEU”) delivered a landmark decision against SCHUFA Holding AG (“SCHUFA”) that will likely impact how the EU General Data Protection Regulation (“GDPR”) applies to credit scoring agencies. In the decision, OQ v. Land Hessen, the CJEU decided that…
On September 11, 2023, Delaware Governor John Carney signed House Bill No. 154, referred to as the Delaware Personal Data Privacy Act (DPDPA), into law. With the passage of the DPDPA, Delaware became the thirteenth state to adopt a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA…
On December 14, 2023, the EU Court of Justice (“CJEU”) issued its first ever ruling on the scope of data security requirements under the GDPR. In VB v. NAP, the CJEU held that an organization is not liable for a security breach unless it failed to implement appropriate security measures….