Search Results: Privacy Compliance

FTC Announces Advanced Notice of Proposed Rulemaking on Privacy and Data Security

On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…

Read More

New EU Rules for Data Access and Sharing: What You Need to Know

On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…

Read More

Tech Companies Need to Prepare for the Data Privacy Implications of Dobbs v. Jackson Women’s Health Organization

In overturning Roe v. Wade and eliminating the constitutional right to abortion in the U.S., Dobbs v. Jackson Women’s Health Organization has caused a seismic shift in constitutional jurisprudence. The Dobbs ruling and the legislation criminalizing abortion that has followed in a number of states threaten to alter numerous dimensions…

Read More

UK Government Issues Response to its Data Reform Consultation

On June 17, 2022, the UK Government’s Department for Digital, Culture, Media and Sport (“DCMS”) issued a final response (“Response”) to the consultation, ‘Data: a new direction’ (“Consultation”), which launched on September 10, 2021, to receive input from stakeholders on the DCMS proposals to reform the UK’s data protection regime….

Read More

Deidentified Under HIPAA, But Regulated Under the CCPA

The Health Insurance Portability and Accountability Act (“HIPAA”) establishes standards by which Protected Health Information (“PHI”) may be deidentified.  Upon deidentification, HIPAA generally allows covered entities to use or disclose the information without limitation.  However, states are increasingly passing privacy laws with definitions of personal information expansive enough to arguably…

Read More

Connecticut Becomes Latest State to Pass Comprehensive Data Privacy Law

On May 10, 2022, Connecticut Governor Ned Lamont signed into law an Act Concerning Personal Data Privacy and Online Monitoring (“Connecticut Data Privacy Act”,  “CTDPA” or the “Act”). Like the California Privacy Rights Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, the Act provides…

Read More

French Data Protection Authority Fined Medical Software Provider for GDPR Violations

On April 21, 2022, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced its decision to fine medical software company Dedalus Biologie €1.5 million following a data breach that exposed health information of nearly 500,000 people. The CNIL noted the company violated several GDPR obligations,…

Read More

United States to Join Cross-Border Privacy Effort

The United States is making efforts to further ease the burden of managing cross-border data transfers amid vast and often divergent privacy regulations across the globe. In addition to the recent announcement from the EU and U.S. on agreement for the Trans-Atlantic Data Privacy Framework, as announced by the US…

Read More

New Data Protection Rights Coming Soon to Saudi Arabia – Just Not as Soon as Expected

The Kingdom of Saudi Arabia (“Saudi Arabia” or the “Kingdom”) has enacted the Personal Data Protection Law (“PDPL”), the country’s first comprehensive data protection law. The PDPL was scheduled to become effective on March 23, 2022 but full implementation was recently delayed until March 17, 2023, a positive development for…

Read More