On October 3, 2024, the European Commission published a report evaluating the effectiveness of existing EU consumer protection laws in protecting consumers in the digital space. More specifically, the report assesses the effectiveness of the following three consumer protection laws:
Inside Privacy
Updates on developments in data privacy and cybersecurity
California Passes Law to Protect Minors from “Addictive Feeds”
On September 20, 2024, California Governor Newsom signed into law SB 976, the Protecting Our Kids from Social Media Addiction Act (the “Act”). The Act defines and prohibits an “addictive internet-based service or platform” from providing an “addictive feed”…
California Enacts Health AI Bill and Protections for Neural Data
What to expect from the UK’s Cyber Security and Resilience Bill (and when)
The UK Government has announced that it intends to introduce the Cyber Security and Resilience Bill (the “Bill”) to Parliament in 2025. Formally proposed as part of the King’s Speech in July, this Bill is intended to strengthen the UK’s…
HHS OCR Settles Ransomware Cybersecurity Investigation for $250,000
On September 26, 2024, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS OCR”) announced that it had settled its cybersecurity investigation with Cascade Eye and Skin Centers, P.C. (“Cascade”), a privately-owned health care provider in…
The EU Considers Changing the EU AI Liability Directive into a Software Liability Regulation
Now that the EU Artificial Intelligence Act (“AI Act”) has entered into force, the EU institutions are turning their attention to the proposal for a directive on adapting non-contractual civil liability rules to artificial intelligence (the so-called “AI Liability Directive”). …
EU Commission Announces New SCCs for International Transfers to Non-EU Controllers and Processors Subject to the GDPR
On September 12, 2024, the European Commission announced that it will launch a public consultation on additional standard contractual clauses for international transfers of personal data to non-EU controllers and processors that are subject to the EU GDPR extra-territorially (“Additional…
CISA and FBI Publish a Secure by Design Alert to Eliminate Cross-Site Scripting Vulnerabilities
On September 17, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and the Federal Bureau of Investigation (“FBI”) published a Secure by Design Alert, cautioning senior executives and business leaders to be aware of and work to eliminate…
Brazil Issues New Regulation on International Data Transfers
On August 23, 2024, the Brazilian Data Protection Authority (“ANPD”) published Resolution 19/2024, approving the Regulation on international data transfers and the content of standard contractual clauses (the “Regulation”). The Regulation implements the international data transfer framework under the…
FTC Issues Final Rule on Reviews and Testimonials
On August 14, the FTC announced a final rule that, according to the FTC, is intended to “combat fake reviews and testimonials.” The rule will go into effect on October 21, 2024. This final rule is the culmination of the…