On March 14, 2024, the Court of Justice of the EU (“CJEU”) ruled that EU supervisory authorities have the (corrective) power to order data controllers who have been found to process personal data unlawfully to erase such personal data, even
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
EU Parliament Adopts AI Act
Earlier this week, Members of the European Parliament (MEPs) cast their votes in favor of the much-anticipated AI Act. With 523 votes in favor, 46 votes against, and 49 abstentions, the vote is a culmination of an effort that began…
California Privacy Protection Agency Takes Next Step on New Automated Decision-Making Regulations and Privacy Risk Assessments
At its March 8, 2024 meeting, the Board of the California Privacy Protection Agency (“CPPA”) moved, by a 3-2 vote, to advance proposed regulations addressing automated decision-making technology (“ADMT”) and risk assessments for the processing of personal information. Notably, the…
The Cyber Resilience Act is One Step Closer to Becoming Law
Yesterday, the European Parliament approved the Cyber Resilience Act (“CRA”), which sets out cybersecurity requirements for “products with digital elements” (“PDEs”) placed on the EU market. The term PDE is defined broadly to include both hardware and software products, such…
EDPB’s 2024 Coordinated Enforcement Action on the Access Right: What Can You Expect?
On February 28, the European Data Protection Board (“EDPB”) announced that EU supervisory authorities (“SAs”) will undertake a coordinated enforcement action in 2024 regarding data subjects’ right of access under the GDPR. For context, the EDPB selects a particular topic…
California Attorney General Announces Second CCPA Settlement
The California Attorney General recently announced a settlement with DoorDash to resolve allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). …
FTC Returns to Bipartisan Commission with Confirmation of Two New Republican Commissioners
On Thursday, March 7, 2024, the U.S. Senate confirmed two nominees for the open seats on the Federal Trade Commission: Andrew N. Ferguson, former solicitor general of the Commonwealth of Virginia; and Melissa Holyoak, former solicitor general with the Utah…
Senator Cassidy Issues White Paper with Proposals to Update Health Data Privacy Framework – Part 2: Safeguarding Health Data Not Covered by HIPAA
Senator Bill Cassidy (R-LA), the Ranking Member of the U.S. Senate Health, Education, Labor, and Pensions (“HELP”) Committee, published on February 21, 2024, a white paper with various proposals to update privacy protections for health data. In Part 1 of…
UK ICO Launches a Consultation on “Consent or Pay” Business Models
On 6 March 2024, the ICO issued a call for views on so-called “Consent or pay” models, where a user of a service has the option to consent to processing of their data for one or more purposes (typically targeted…
European Court Clarifies Concept of Personal Data
On March 7, 2024, the European Court of Justice (“CJEU”) rendered its judgment in an appeal against a decision of the EU General Court (C-479/22P). In the original decision, the General Court decided that the information contained in…