On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…
On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…
In overturning Roe v. Wade and eliminating the constitutional right to abortion in the U.S., Dobbs v. Jackson Women’s Health Organization has caused a seismic shift in constitutional jurisprudence. The Dobbs ruling and the legislation criminalizing abortion that has followed in a number of states threaten to alter numerous dimensions…
On June 17, 2022, the UK Government’s Department for Digital, Culture, Media and Sport (“DCMS”) issued a final response (“Response”) to the consultation, ‘Data: a new direction’ (“Consultation”), which launched on September 10, 2021, to receive input from stakeholders on the DCMS proposals to reform the UK’s data protection regime….
Starting June 30, 2022, all apps available in the Apple App Store that offer account creation must also allow users to initiate account deletion within the app. This requirement does not come as a surprise: Apple first announced this policy in 2021, and initially planned to roll it out by…
The Health Insurance Portability and Accountability Act (“HIPAA”) establishes standards by which Protected Health Information (“PHI”) may be deidentified. Upon deidentification, HIPAA generally allows covered entities to use or disclose the information without limitation. However, states are increasingly passing privacy laws with definitions of personal information expansive enough to arguably…
On May 10, 2022, Connecticut Governor Ned Lamont signed into law an Act Concerning Personal Data Privacy and Online Monitoring (“Connecticut Data Privacy Act”, “CTDPA” or the “Act”). Like the California Privacy Rights Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, the Act provides…
On April 21, 2022, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced its decision to fine medical software company Dedalus Biologie €1.5 million following a data breach that exposed health information of nearly 500,000 people. The CNIL noted the company violated several GDPR obligations,…
The United States is making efforts to further ease the burden of managing cross-border data transfers amid vast and often divergent privacy regulations across the globe. In addition to the recent announcement from the EU and U.S. on agreement for the Trans-Atlantic Data Privacy Framework, as announced by the US…
The Kingdom of Saudi Arabia (“Saudi Arabia” or the “Kingdom”) has enacted the Personal Data Protection Law (“PDPL”), the country’s first comprehensive data protection law. The PDPL was scheduled to become effective on March 23, 2022 but full implementation was recently delayed until March 17, 2023, a positive development for…