Digital Health and Connected Device Companies Be on Alert: FTC Continues to Focus on Consumer Health Information in Recent Enforcement Action
In the post-Roe era, the federal government and state governments continue to focus on consumer digital health privacy. On May 17, 2023, the Federal Trade Commission (FTC) announced a settlement with Easy Healthcare Corporation (ECH) related to its Premom Ovulation Tracker mobile application. The settlement is reflected in the terms […]
Washington State’s My Health My Data Act FAQ, Part One – Applicability and Scope
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the already byzantine US-patchwork approach to privacy. While the MHMD […]
European Court of Justice Clarifies Rules on Damages Compensation for GDPR Breaches
On 4 May 2023, the Court of Justice of the European Union (CJEU) delivered its decision in the Österreichische Post case (Case C-300/21), in essence deciding that a mere infringement of the General Data Protection Regulation (GDPR) does not automatically lead to compensation for damages; compensation for nonmaterial damage does […]
China Releases Standard Contract for Cross-Border Transfer of Personal Information
On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract as a schedule. The measures will take effect on June 1, 2023, and provide a six-month grace […]
CJEU Clarifies Whether Data Protection Officers Can Perform Other Roles or Be Dismissed
On February 9, 2023, the Court of Justice of the European Union ruled in two decisions (C-453/21 and C-560/21) that a data protection officer (DPO) may have other duties within their role if there is not a conflict of interest. The CJEU also found that national provisions that allow for the […]
Considering Texting About Work? Beware.
As the rise in remote work has led to an increased reliance on mobile devices to stay connected – with cellphones at our fingertips virtually 24/7 – the use of third-party messaging applications to communicate about work has become commonplace. From WhatsApp to Telegram, corporate executives, financial services professionals and […]
California Supreme Court Boosts Policyholders Seeking Coverage for Privacy Class Actions
Key takeaways In a recent opinion, the California Supreme Court ruled in favor of California-based tech giant Yahoo in a multiyear legal battle with the National Union Fire Insurance Company of Pittsburgh, Pennsylvania. The insurer had refused to defend Yahoo against five class action lawsuits alleging Yahoo violated provisions of […]
European Commission Approves Trans-Atlantic Data Privacy Framework
On 13 December 2022, the European Commission issued a draft adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from EU to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework is […]
Cooley Privacy Talks: Key Things to Know About Data Protection Laws in China
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data […]
California Legislature Passes Children’s Privacy Bills
Update: Governor Newsom signed the California Age-Appropriate Design Code Act into law on September 14, 2022 and signed the Student Test Taker Privacy Protection Act into law on September 28, 2022. California’s legislature adjourned for the year on August 31, 2022, after passing two notable children’s privacy bills: the California […]