Banking on an Exemption: Do Universities Qualify as Financial Institutions Exempt from the Illinois Biometric Information Privacy Act?

Is a university a financial institution governed by the Gramm-Leach Bliley-Act (“GLBA”), or are they subject to the Illinois Biometric Information Privacy Act (“BIPA”) and its heightened protections for individuals’ biometric data? This question has animated a series of BIPA cases in Illinois courts over the years, and has spawned…

Read More

EU Commission Publishes Draft Adequacy Decision on Privacy Shield 2.0

On December 13, 2022, the European Commission published a draft adequacy decision on the EU-US Data Privacy Framework (the “Framework”), the successor to the EU-US Privacy Shield Framework that was famously struck down by Europe’s top court two years ago. While the purpose of the draft adequacy decision, once adopted,…

Read More

EU Standard Contractual Clauses Need Replacing by December 27, 2022

Introduction On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal data from the EU to elsewhere to rely on (for more information,…

Read More

NYDFS Escalates and Expands Cybersecurity Enforcement

On October 18, 2022, the New York Department of Financial Services (“NYDFS”) announced the execution of its sixth consent order for alleged violations of Cybersecurity Regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations (“Part 500”).  This latest settlement imposes a $4.5 million fine on…

Read More

A Long-Awaited Privacy Measure Finally Becomes Law in Indonesia

Indonesia joins its Southeast Asian neighbors, Singapore, Malaysia, Thailand, and the Philippines, with its adoption of a comprehensive data protection law. The new measure, the Personal Data Protection Law (“PDPL”), which appears to have taken inspiration from the European General Data Protection Regulation (“GDPR”) was long anticipated after the various…

Read More

California Lawmakers Pass The Transformative Age Appropriate Design Code Act

California lawmakers passed a new potentially transformative children’s privacy law. The new measure, the California Age-Appropriate Design Code Act (“CAADCA” or “Act”), establishes a comprehensive framework that requires businesses to prioritize the “best interests of the child” when designing, developing, and providing online services such as websites, online video games…

Read More

President Biden Signs “Privacy Shield” Executive Order to Address European Concerns Over Surveillance Practices in the United States

UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…

Read More

The Sephora Case: Do Not Sell - But Are You Selling?

Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…

Read More

Rulings Awaited Against Both Criteo and IAB Europe: Ongoing Uncertainty for Digital Advertising

On August 5, 2022 news broke that the French Data Protection Authority (“CNIL”) proposes fining adtech company Criteo €60 million for undisclosed GDPR violations as part of an ongoing investigation opened by the CNIL in 2020. The investigation followed a 2018 complaint by the privacy NGO Privacy International against Criteo…

Read More

Congress Seeks to Protect Children by Allowing Parents and Regulators Access to What Minors Post and View on Social Media

After years of public concern regarding the safety of children on social media platforms, today there is bipartisan congressional support for multiple pieces of legislation that would shift more of the burden and liability of keeping minors safe online to the social media platforms. These laws would mandate that social…

Read More