On March 8, 2024, the California Privacy Protection Agency Board discussed and voted 3-2 in favor of further edits to revised draft regulations regarding risk assessments and automated decisionmaking technology, which were released in February 2024, but did not initiate
Privacy & Information Security Law Blog
Global Privacy and Cybersecurity Law Updates and Analysis
Latest from Privacy & Information Security Law Blog - Page 2
FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
On March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules went into effect.…
CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be…
New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law
On March 6, 2024, Governor Chris Sununu signed into law SB 255, making New Hampshire the 15th state with a comprehensive state privacy law. This blog entry provides a summary of the new law.…
European Parliament Approves the AI Act
On March 13, 2024, the European Parliament adopted the AI Act by a majority of 523 votes in favor, 461 votes against, and 49 abstentions. The AI Act will introduce comprehensive rules to govern the use of AI in the…
FTC Hosts Annual PrivacyCon Event on March 6, 2024
The Federal Trade Commission held its eighth annual privacy conference, PrivacyCon, on March 6, 2024. The goal of PrivacyCon is to assemble researchers, academics, industry representatives, consumer advocates and government regulators to consider and discuss cutting-edge research and trends related…
FTC Chair Asserts Certain Sensitive Data Should Be Excluded from Training AI Models
As reported by Bloomberg Law, on February 27, 2024, at RemedyFest, a conference hosted by Bloomberg Beta and Y Combinator, Federal Trade Commission Chair Lina Khan said that sensitive personal data that is linked to health, geolocation and web browsing…
CJEU Rules on IAB Europe’s Transparency and Consent Framework
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with…
DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”…
College Board Agrees to Settle with the New York Attorney General Over Student Data Privacy
New York Attorney General Letitia James and New York State Education Department Commissioner Betty A. Rosa recently announced that College Board has agreed to settle charges in connection with allegations that it violated New York Education Law § 2-d, New…