Category: Policy & Legislation

California Legislature Passes Children’s Privacy Bills

California’s legislature adjourned for the year on August 31, 2022, after passing two notable children’s privacy bills: the California Age-Appropriate Design Code Act and the Student Test Taker Privacy Protection Act, both of which now await the governor’s signature.

California Legislature Declines to Extend the CCPA’s HR and B2B Exemptions

Last week, the California Legislature adjourned its 2022 legislative session without passing proposed legislation (AB 2871, AB 2891, SB 1454, AB 1102) that would have extended or made permanent exemptions under the California Consumer Privacy Act (CCPA) applicable to personal information collected in human resources (HR) and business-to-business (B2B) contexts. […]

FTC Proposes Change in Regulation, Enforcement of Data Collection and Security

Key Takeaways On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed “commercial surveillance,” which it broadly defines as the “collection, aggregation, analysis, retention, transfer, […]

Europe Takes Position on Sending Personal Data to Russia

On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on Personal Data Transfers to the Russian Federation, in which it confirmed that data transfers to Russia require a data transfer impact assessment (DTIA). A DTIA is a case-by-case evaluation that determines whether a specific data transfer […]

US Legislative Developments in Children’s Privacy

“It’s time to strengthen privacy protections, ban targeted advertising to children, [and] demand tech companies stop collecting personal data on our children.” – President Joe Biden, State of the Union, March 1, 2022 On May 19, 2022, the Federal Trade Commission publicly renewed its focus on children’s privacy . In […]

Breach of Patients’ Data Leads to Heavy Sanctions in France

At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of investigation, CNIL has published its decision (available in French only) imposing a fine […]

Companies Respond to SEC’s Proposed Cybersecurity Disclosure Framework

As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9, 2022, and the SEC received 100+ comments from business, legal, nonprofit and government sectors. While the […]

EU Data Governance Act: Europe Regulating Big Data

What you need to know in a nutshell The Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance will go by its short name: Data Governance Act (DGA). The DGA was published in the Official Journal of the European Union […]

FTC Commissioners Ponder Future of Section 13(b) and Alternative Enforcement Mechanisms

Nearly a year after the Supreme Court stripped the FTC of its ability to obtain equitable monetary relief under Section 13(b) of the Federal Trade Commission Act (FTCA) in AMG Capital Management LLC v. FTC, the Commission convened an open meeting to discuss the impact of this decision on their activities, […]

Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies

Localization requirements China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]