Last year was a rollercoaster year for data protection and privacy professionals, but expect 2023 to call and raise 2022’s activity at the state, federal and international levels. Privacy, as we all know, is recession-proof. These will be some of the highlights: US state laws go into force The most…
Is a university a financial institution governed by the Gramm-Leach Bliley-Act (“GLBA”), or are they subject to the Illinois Biometric Information Privacy Act (“BIPA”) and its heightened protections for individuals’ biometric data? This question has animated a series of BIPA cases in Illinois courts over the years, and has spawned…
California lawmakers passed a new potentially transformative children’s privacy law. The new measure, the California Age-Appropriate Design Code Act (“CAADCA” or “Act”), establishes a comprehensive framework that requires businesses to prioritize the “best interests of the child” when designing, developing, and providing online services such as websites, online video games…
On August 11, 2022, the FTC issued an Advanced Notice of Proposed Rulemaking (ANPR) to request public comment on commercial privacy and security practices and their effects on consumers. The ANPR is a first – and tentative – step towards the development of privacy and data security regulations that would,…
On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…
In overturning Roe v. Wade and eliminating the constitutional right to abortion in the U.S., Dobbs v. Jackson Women’s Health Organization has caused a seismic shift in constitutional jurisprudence. The Dobbs ruling and the legislation criminalizing abortion that has followed in a number of states threaten to alter numerous dimensions…
On May 10, 2022, Connecticut Governor Ned Lamont signed into law an Act Concerning Personal Data Privacy and Online Monitoring (“Connecticut Data Privacy Act”, “CTDPA” or the “Act”). Like the California Privacy Rights Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, the Act provides…
On April 21, 2022, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced its decision to fine medical software company Dedalus Biologie €1.5 million following a data breach that exposed health information of nearly 500,000 people. The CNIL noted the company violated several GDPR obligations,…
On March 24, 2022, Utah became the fourth U.S. state to adopt consumer data privacy legislation after Utah Gov. Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”). The UCPA is largely based on the Virginia Consumer Data Protection Act (“VCDPA”). It regulates how a controller (defined by the UCPA…
The International Data Transfer Agreement (“IDTA”), the long awaited mechanism for international transfers of personal data originating from the United Kingdom (“UK”), is now in force as of March 21, 2022, along with a separate addendum to the EU standard contractual clauses (“UK Addendum”). These transfer mechanisms were introduced by…