Last year was a rollercoaster year for data protection and privacy professionals, but expect 2023 to call and raise 2022’s activity at the state, federal and international levels. Privacy, as we all know, is recession-proof. These will be some of the highlights: US state laws go into force The most…
Is a university a financial institution governed by the Gramm-Leach Bliley-Act (“GLBA”), or are they subject to the Illinois Biometric Information Privacy Act (“BIPA”) and its heightened protections for individuals’ biometric data? This question has animated a series of BIPA cases in Illinois courts over the years, and has spawned…
On December 13, 2022, the European Commission published a draft adequacy decision on the EU-US Data Privacy Framework (the “Framework”), the successor to the EU-US Privacy Shield Framework that was famously struck down by Europe’s top court two years ago. While the purpose of the draft adequacy decision, once adopted,…
Introduction On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal data from the EU to elsewhere to rely on (for more information,…
On October 18, 2022, the New York Department of Financial Services (“NYDFS”) announced the execution of its sixth consent order for alleged violations of Cybersecurity Regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations (“Part 500”). This latest settlement imposes a $4.5 million fine on…
Indonesia joins its Southeast Asian neighbors, Singapore, Malaysia, Thailand, and the Philippines, with its adoption of a comprehensive data protection law. The new measure, the Personal Data Protection Law (“PDPL”), which appears to have taken inspiration from the European General Data Protection Regulation (“GDPR”) was long anticipated after the various…
California lawmakers passed a new potentially transformative children’s privacy law. The new measure, the California Age-Appropriate Design Code Act (“CAADCA” or “Act”), establishes a comprehensive framework that requires businesses to prioritize the “best interests of the child” when designing, developing, and providing online services such as websites, online video games…
UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…
Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…
On August 5, 2022 news broke that the French Data Protection Authority (“CNIL”) proposes fining adtech company Criteo €60 million for undisclosed GDPR violations as part of an ongoing investigation opened by the CNIL in 2020. The investigation followed a 2018 complaint by the privacy NGO Privacy International against Criteo…