After years of public concern regarding the safety of children on social media platforms, today there is bipartisan congressional support for multiple pieces of legislation that would shift more of the burden and liability of keeping minors safe online to the social media platforms. These laws would mandate that social…
If businesses thought August would bring a lull from the breakneck pace of privacy policymaking — including a draft federal privacy law, five new state privacy laws and a dizzying array of global privacy regulations from the EU to China to Japan — the U.S. Federal Trade Commission had other…
On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…
On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…
In overturning Roe v. Wade and eliminating the constitutional right to abortion in the U.S., Dobbs v. Jackson Women’s Health Organization has caused a seismic shift in constitutional jurisprudence. The Dobbs ruling and the legislation criminalizing abortion that has followed in a number of states threaten to alter numerous dimensions…
On June 17, 2022, the UK Government’s Department for Digital, Culture, Media and Sport (“DCMS”) issued a final response (“Response”) to the consultation, ‘Data: a new direction’ (“Consultation”), which launched on September 10, 2021, to receive input from stakeholders on the DCMS proposals to reform the UK’s data protection regime….
Starting June 30, 2022, all apps available in the Apple App Store that offer account creation must also allow users to initiate account deletion within the app. This requirement does not come as a surprise: Apple first announced this policy in 2021, and initially planned to roll it out by…
The Health Insurance Portability and Accountability Act (“HIPAA”) establishes standards by which Protected Health Information (“PHI”) may be deidentified. Upon deidentification, HIPAA generally allows covered entities to use or disclose the information without limitation. However, states are increasingly passing privacy laws with definitions of personal information expansive enough to arguably…
On May 10, 2022, Connecticut Governor Ned Lamont signed into law an Act Concerning Personal Data Privacy and Online Monitoring (“Connecticut Data Privacy Act”, “CTDPA” or the “Act”). Like the California Privacy Rights Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, the Act provides…
On April 21, 2022, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced its decision to fine medical software company Dedalus Biologie €1.5 million following a data breach that exposed health information of nearly 500,000 people. The CNIL noted the company violated several GDPR obligations,…