Fatal Flaws in SEC’s Amended Complaint Against SolarWinds
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and Exchange Commission (SEC) against SolarWinds and its chief information security officer (CISO), Tim Brown. Amici from the business community and the software industry, as well as […]
New Hampshire and New Jersey Pass Comprehensive Consumer Privacy Laws
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a comprehensive privacy law. Similarly, on January 16, 2024, New Jersey Gov. Phil Murphy signed […]
NIST Unveils Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes: As we noted in a July 2023 blog post, NIST was required by the White House’s National Cybersecurity Strategy […]
UK Government Sets Out Approach to AI Regulation
On Tuesday, 6 February 2024, the UK government released its consultation response to its March 2023 white paper titled ‘A pro-innovation approach to AI regulation’. The response provides further details on the UK government’s approach to artificial intelligence regulation.
Inundated With Requests Under New Jersey’s Daniel’s Law?
A flood of class action lawsuits have been filed against companies alleging violations of New Jersey’s Daniel’s Law. The statute – enacted after the son of a New Jersey federal judge was fatally shot by a disgruntled lawyer – is designed to protect judicial officials, law enforcement officers, child protective […]
FTC Targets Algorithmic Discrimination in Settlement With Rite Aid
In December 2023, the Federal Trade Commission (FTC) announced a settlement with Rite Aid for the company’s use of facial recognition technology (FRT) in connection with its surveillance technologies for theft deterrence purposes. In this groundbreaking settlement, the FTC took its first enforcement action against a company for “algorithmic unfairness” […]
Washington Attorney General Publishes Updated FAQ for My Health My Data Act
Without much fanfare, the Washington attorney general’s office updated its My Health My Data (MHMD) Act guidance FAQ in January 2024. Specifically, the updated guidance states that the consumer health data privacy policy must have its own “separate and distinct link” on a regulated entity’s homepage and “may not contain […]
Changes are Expected to the EU One-Stop-Shop Mechanism
Authored by Patrick Van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila this article was originally published in Privacy Laws & Business International Report, December 2023. Patrick van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila of Cooley analyse the updated guidelines for identifying the Lead Supervisory Authority and the draft GDPR Procedural Regulation. […]
The European Data Act: New Rules for a New Age
In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that will revolutionise the way data generated by connected devices is shared and used. Consumers and businesses will be able to access their devices’ data […]
EU’s Artificial Intelligence Act: The Last Stretch
On Friday, 8 December 2023, European Union lawmakers concluded a provisional agreement on the much-anticipated Artificial Intelligence Act (AI Act). The AI Act – a broad new piece of legislation governing the development, placing on the market and use of AI systems – will apply beyond the EU’s borders and […]