Washington’s Biometric Data Regime Advances Privacy Regulation

On April 27, Washington Governor Jay Inslee signed into law the state’s expansive health privacy law, the My Health My Data Act. Effective March 31, 2024, the MHMDA establishes a comprehensive privacy framework for entities doing business in Washington state that handle consumer health data. Reflecting a trend by lawmakers to…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of May 15, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.         Case Law Updates and…

Read More

European Court Finds Pseudonymized Data is Not Personal Data in the Hands of Recipient That Can’t Re-identify It

On April 26, 2023, the General Court of the European Union issued a ruling in Case T-557/20, SRB v EDPS, finding that pseudonymized data shared by one party with another will not be considered personal data in the hands of the recipient, if the recipient does not have legal means…

Read More

States Race After Utah on Minors’ Privacy Despite Legal Threats

The legislative and regulatory landscape concerning minors’ privacy is becoming increasingly protective, adding new complexity and uncertainty for companies as they navigate a patchwork of requirements. The latest legislative trend aims to regulate use of social media by minors and provide parents with greater control over their children’s social media…

Read More

Takeaways from Washington's Sweeping Health Privacy Bill

On April 27, Washington Gov. Jay Inslee signed into law the state’s sweeping health privacy bill – the My Health Data Act.[1] The act, which establishes a comprehensive privacy framework for entities that do business in the state and that handle consumer health data, will take effect less than a…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of May 8, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 27 April…

Read More

New EDPB Guidelines on Designation of a Lead Supervisory Authority

On April 17, 2023, the European Data Protection Board (“EDPB”) adopted a final version of the Guidelines for identifying a controller or processor’s lead supervisory authority (“New Guidelines”). This document is an update to the Article 29 Working Party Guidelines (“Old Guidelines”) which were adopted in April 2017 and subsequently…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of April 17, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 13 April 2023, the…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of March 27, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 16 March 2023, the…

Read More

French Privacy Regulator Fines Apple 8 Million Euros for Ad Targeting Violations

On December 29, 2022, France’s privacy regulator (CNIL) imposed an €8 million fine on Apple. The CNIL found Apple in breach of France’s ePrivacy rules for not obtaining mobile users’ consent prior to reading and depositing Identifiers for Advertising (IDFAs) on those users’ devices. Apple has announced that it intends…

Read More