This month the EDPB shed light on the question of lead supervisory authorities. The issue arose in response to a question late last month from the French supervisory authority. Some background. As most international organizations are aware, GDPR provides for
Eye On Privacy
Timely Updates and Analysis on Privacy and Cybersecurity Issues
Latest from Eye On Privacy - Page 2
UK ICO Uses AI In Cookie Banner Review
The UK Information Commissioner’s Office recently reported that it is continuing its review of website cookie banners. It had expressed concern late last year that these banners were not giving “fair choices” because they did not make it as easy for…
California AG Turns on CCPA Investigation of Streaming Services
To close out Data Privacy Week, California Attorney General Rob Bonta announced a new investigative sweep probing streaming apps’ and devices’ compliance with the California Consumer Privacy Act (CCPA).…
The Garden State Cultivates a Consumer Privacy Law – The First for 2024
New Jersey’s governor has signed into law the first US state comprehensive privacy law of 2024. It will go into effect January 16, 2025. For those keeping score, that puts New Jersey after Florida, Oregon, Texas (all July 1, 2024),…
Privacy Day 2024: A Look Back at Developments from 2023
From the expansion of “general privacy” laws in US states and concerns over cross-border data transfers, to global focus on artificial intelligence, surveillance and dark patterns, 2023 was a busy year. Our privacy team tracked these developments and more during…
Defense Department Outlines Its Future Cybersecurity Program
The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest iteration of the CMMC program (referred to…
CJEU Decision Will Have Impact on Potential Fine Setting Under GDPR
The Court of Justice of the European Union (CJEU) clarified in two judgments in the last month of 2023 (Deutsche Wohnen, ECLI:EU:C:2023:950 [DW] and Nacionalinis visuomenės sveikatos centras, ECLI:EU:C:2023:949 [NVSC]) the conditions under which data protection authorities…
FTC Sends Stern Reminder to AI Companies
While the US does not have some specific AI-focused law a host of regulators have been providing their thoughts about AI. Noticeable traction on the topic began in 2020. With the explosion of ChatGPT in 2023, commentary (and scrutiny) has…
Operator? I’d like to Report a Data Breach—The FCC’s Updated Data Breach Rule
After waiting 16 years for a call, the FCC is finally back on the line. Last month the FCC updated their 16-year-old data breach notification rule. The updated rule makes drastic changes to the previous FCC notification requirements. However, many…
FTC Continues Focus on Data Brokers and Sensitive Information
The FTC is beginning 2024 with a bang. Just a few short days after announcing a settlement with lead-generation company Response Tree, the FTC has announced another decision. In this latest announcement, the FTC has described this as its…