Search Results for:

FTC Announces Advanced Notice of Proposed Rulemaking on Privacy and Data Security

On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…

Read More

New Federal Law Mandates Cyber Incident and Ransomware Payment Reporting for Critical Infrastructure Industries

After years of lengthy debates, Congress passed and the President signed into law a bipartisan bill requiring entities in sectors deemed to constitute “critical infrastructure” to report certain cyber incidents and ransomware payments. Currently, companies may and often do voluntarily report cyber incidents to the FBI or other federal agencies,…

Read More

Ninth Circuit: Web Scraping Does Not Violate CFAA

In a decision that is certain to reverberate through the big data community, the U.S. Court of Appeals for the Ninth Circuit ruled that the primary legal tool that companies tried to use to limit scraping of their websites – the criminal statute Computer Fraud and Abuse Act (“CFAA”) –…

Read More

New Data Protection Rights Coming Soon to Saudi Arabia – Just Not as Soon as Expected

The Kingdom of Saudi Arabia (“Saudi Arabia” or the “Kingdom”) has enacted the Personal Data Protection Law (“PDPL”), the country’s first comprehensive data protection law. The PDPL was scheduled to become effective on March 23, 2022 but full implementation was recently delayed until March 17, 2023, a positive development for…

Read More

U.S. and EU Reach Political Agreement On a New Trans-Atlantic Data Privacy Framework: The Implications for Businesses

On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…

Read More

Utah Passes Comprehensive Consumer Privacy Legislation

On March 24, 2022, Utah became the fourth U.S. state to adopt consumer data privacy legislation after Utah Gov. Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”).  The UCPA is largely based on the Virginia Consumer Data Protection Act (“VCDPA”). It regulates how a controller (defined by the UCPA…

Read More

Use of Google Analytics by EU Websites Violates GDPR

Introduction On 13 January 2022, the Austrian Data Protection Authority (“DSB“) ruled that the use of Google Analytics (“GA”) and the resulting export of personal data to the United States (“US”) violates the GDPR’s data export requirements. On 10 February 2022 the French data protection authority (“CNIL”) also confirmed that…

Read More

China Passes Extensive Regulations Governing Artificial Intelligence Algorithms

The Cybersecurity Administration of China (CAC), China’s data protection and cybersecurity watchdog, recently passed the final text of the Internet Information Service Algorithm Recommendation Management Regulations, an extensive set of rules – one of the most fully developed artificial intelligence (AI) regulations in the world – designed to govern the…

Read More

The Princeton University Data Access Research: A Timely Reminder to Revisit Data Subject Request Processes

Update: Since going live with the below, the EDPB has published its draft guidelines addressing key aspects of a data subject’s right of access.  More to follow soon. Last month, a large number of EU and US companies received queries about their data access request procedures under the General Data Protection…

Read More

12