Category: Policy & Legislation
EU Collective Redress Directive: What Services Companies Need to Know (Part One)
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both jurisdictions will benefit from implementing and maintaining a coordinated global class action […]
Understanding Washington’s My Health My Data (MHMD) Act: Applicability, Scope and Requirements
On January 31, 2024, Cooley lawyers Brooke Fritz and Andrew Epstein led a virtual presentation on Washington state’s My Health My Data (MHMD) Act. Below are some key highlights from the discussion. The MHMD Act’s origins and purposes:In an effort to close the “gap” that exists between consumer knowledge and […]
CISA Opens Notice and Comment Process on CIRCIA Draft Regulations
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed into law in 2022 by President Joe Biden, CIRCIA required CISA to […]
Washington State’s My Health My Data Act FAQ, Part Three – Enforcement Risks
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks – including the much-feared private right of action. Given the MHMD Act’s broad scope, its private right of action, the potential for large certified […]
New Hampshire and New Jersey Pass Comprehensive Consumer Privacy Laws
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a comprehensive privacy law. Similarly, on January 16, 2024, New Jersey Gov. Phil Murphy signed […]
NIST Unveils Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes: As we noted in a July 2023 blog post, NIST was required by the White House’s National Cybersecurity Strategy […]
UK Government Sets Out Approach to AI Regulation
On Tuesday, 6 February 2024, the UK government released its consultation response to its March 2023 white paper titled ‘A pro-innovation approach to AI regulation’. The response provides further details on the UK government’s approach to artificial intelligence regulation.
Inundated With Requests Under New Jersey’s Daniel’s Law?
A flood of class action lawsuits have been filed against companies alleging violations of New Jersey’s Daniel’s Law. The statute – enacted after the son of a New Jersey federal judge was fatally shot by a disgruntled lawyer – is designed to protect judicial officials, law enforcement officers, child protective […]
FTC Targets Algorithmic Discrimination in Settlement With Rite Aid
In December 2023, the Federal Trade Commission (FTC) announced a settlement with Rite Aid for the company’s use of facial recognition technology (FRT) in connection with its surveillance technologies for theft deterrence purposes. In this groundbreaking settlement, the FTC took its first enforcement action against a company for “algorithmic unfairness” […]
Washington Attorney General Publishes Updated FAQ for My Health My Data Act
Without much fanfare, the Washington attorney general’s office updated its My Health My Data (MHMD) Act guidance FAQ in January 2024. Specifically, the updated guidance states that the consumer health data privacy policy must have its own “separate and distinct link” on a regulated entity’s homepage and “may not contain […]