Enforcement of CPRA Regulations Delayed Until 2024
A California court order has delayed enforcement of the implementing regulations for the California Privacy Rights Act of 2020 (CPRA) until March 29, 2024. The California Superior Court of Sacramento County issued the court order on Friday, June 30 — one day before enforcement of the CPRA regulations was originally […]
One Step Closer to a European Law Regulating Artificial Intelligence
On 14 June 2023, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act. The European Parliament’s vote on the AI Act proposal marks a significant milestone toward the regulation of AI within the European Union, as it sets the baseline for inter-institutional negotiations, as further discussed […]
Washington State’s My Health My Data Act FAQ, Part Two – Requirements
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both to which entities and data it applies – regulated entities […]
Digital Health and Connected Device Companies Be on Alert: FTC Continues to Focus on Consumer Health Information in Recent Enforcement Action
In the post-Roe era, the federal government and state governments continue to focus on consumer digital health privacy. On May 17, 2023, the Federal Trade Commission (FTC) announced a settlement with Easy Healthcare Corporation (ECH) related to its Premom Ovulation Tracker mobile application. The settlement is reflected in the terms […]
Washington State’s My Health My Data Act FAQ, Part One – Applicability and Scope
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the already byzantine US-patchwork approach to privacy. While the MHMD […]
European Court of Justice Clarifies Rules on Damages Compensation for GDPR Breaches
On 4 May 2023, the Court of Justice of the European Union (CJEU) delivered its decision in the Österreichische Post case (Case C-300/21), in essence deciding that a mere infringement of the General Data Protection Regulation (GDPR) does not automatically lead to compensation for damages; compensation for nonmaterial damage does […]
FTC Warns to ‘Keep Your AI Claims in Check’ in New AI Guidance
On February 27, 2023, the US Federal Trade Commission (FTC) published new Business Blog guidance from Division of Advertising Practices staff about marketing claims for artificial intelligence products. While prior FTC AI guidance focused on the need to avoid using automated tools that have biased or discriminatory impacts, the latest […]
China Releases Standard Contract for Cross-Border Transfer of Personal Information
On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract as a schedule. The measures will take effect on June 1, 2023, and provide a six-month grace […]
CJEU Clarifies Whether Data Protection Officers Can Perform Other Roles or Be Dismissed
On February 9, 2023, the Court of Justice of the European Union ruled in two decisions (C-453/21 and C-560/21) that a data protection officer (DPO) may have other duties within their role if there is not a conflict of interest. The CJEU also found that national provisions that allow for the […]
Digital Services Act: Online Platforms, Do Your Homework Before it’s too Late
The Digital Services Act (DSA) entered into force on November 16, 2022. This new European regulation builds on the Electronic Commerce Directive to strengthen the moderation obligations of online platforms regarding illegal content, such as racism, child pornography, counterfeiting and disinformation. Among various obligations, online platforms must remove illegal content […]