Tag: data privacy

Washington State’s My Health My Data Act FAQ, Part Three – Enforcement Risks

In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks – including the much-feared private right of action. Given the MHMD Act’s broad scope, its private right of action, the potential for large certified […]

Washington Attorney General Publishes Updated FAQ for My Health My Data Act

Without much fanfare, the Washington attorney general’s office updated its My Health My Data (MHMD) Act guidance FAQ in January 2024. Specifically, the updated guidance states that the consumer health data privacy policy must have its own “separate and distinct link” on a regulated entity’s homepage and “may not contain […]

China Loosens Cross-Border Data Transfer Controls

On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public comments. The commenting period ends on October 15, 2023. While this draft is subject to change after the commenting […]

UK-US Data Bridge Gets Green Light

Closely following the establishment of the EU-US Data Privacy Framework (DPF) – see our July 2023 post – the UK has now agreed to an extension for the transfer of personal data from the UK to the US, known as the UK Extension to the EU-US Data Privacy Framework, or […]

CFPB Announces Plans to Extend FCRA to Data Brokers through Rulemaking

At an August 15, 2023, White House roundtable, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced plans to issue rules that would extend the Fair Credit Reporting Act (FCRA) to certain “data broker practices.” This announcement and a concurrently issued fact sheet come on the heels of a March […]

Transatlantic Data Economy Simplified: European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework

On 10 July 2023, the European Commission adopted its adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from the European Union (EU) to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework […]

Washington State’s My Health My Data Act FAQ, Part Two – Requirements 

In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both to which entities and data it applies – regulated entities […]

European Commission Approves Trans-Atlantic Data Privacy Framework

On 13 December 2022, the European Commission issued a draft adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from EU to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework is […]

FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition

The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in violation of its own privacy policy. […]