In the past month, legal and regulatory updates regarding children’s privacy have surged across the United States. From California’s ongoing amendments to the California Consumer Privacy Act aimed at enhancing protections for minors to recent court rulings and proposed regulations in other states, the landscape of children’s online privacy is rapidly evolving. This article provides a detailed recap of the most significant developments, including the California Age-Appropriate Design Code Act of 2022, recent actions by the U.S. Department of Justice and Federal Trade Commission against TikTok for alleged COPPA violations, and new child privacy rulemaking initiatives in New York. As these updates unfold, they underscore the ongoing tension between protecting children’s privacy and balancing other constitutional rights, such as free speech. |
|
In August 2024, global data privacy saw major shifts with new cross-border agreements like the EU-Japan EPA, Brazil’s landmark injunction on WhatsApp, a sizeable fine against Uber, and China’s identity authentication measures. Sector-specific protections tightened, especially for children’s privacy in the U.K. and facial recognition in Denmark, while formal guidance from Brazil and India clarified compliance in an evolving digital landscape. | |
As we move toward the end of 2024, it seems the time is right for an update of AI statutory developments so far this year. While the EU has once again set the standard with the EU AI Act, the 30,000-foot view in the U.S. is that while there is a lot of talk there is not a lot of action. As the case has been with the failure of Congress to pass meaningful, comprehensive data privacy legislation, it has failed to pass any meaningful AI legislation. | |
LEGISLATIVE & REGULATORY UPDATE | | |
|
Attorney General Ken Paxton Sues General Motors for Unlawfully Collecting Drivers' Private Data and Selling It To Several Companies, Including Insurance Companies
Ken Paxton
"The investigation was part of a broad data privacy and security initiative launched by Attorney General Paxton in June 2024 to ensure that companies respect Texans' privacy rights and enforce privacy protection laws."
| | |
|
Attorney General Formella Announces Creation of New Data Privacy Unit
New Hampshire DOJ
"Attorney General John M. Formella announces the creation of a new Data Privacy Unit (the "Unit") to be housed within the Consumer Protection and Antitrust Bureau of the New Hampshire Attorney General's Office. The Unit will be primarily responsible with enforcing compliance with RSA 507-H (the "New Hampshire Data Privacy Act" or the "Act")."
| | |
|
California passes landmark bill requiring easier data sharing opt outs for consumers
The Record
"California legislators on Wednesday passed a bill which requires internet browsers and mobile operating systems to allow consumers to easily opt out from the sharing and selling of their private data with websites which use it for targeted advertising. "
| | |
Dutch SA imposes a fine of 290 million euro on Uber because of transfers of drivers' data to the US
European Data Protection Board
"The Dutch Supervisory Authority (SA) started the investigation on Uber after more than 170 French Uber drivers complained to the French human rights interest group LDH, which subsequently submitted a complaint to the French SA. The French SA forwarded the complaints to the Dutch SA, which is the lead Supervisory Authority for Uber."
| |
| |
FTC Takes Action Against Security Camera Firm Verkada over Charges it Failed to Secure Videos, Other Personal Data and Violated CAN-SPAM Act
Federal Trade Commission
"The Federal Trade Commission will require security camera firm Verkada to develop and implement a comprehensive information security program to settle allegations the company failed to use appropriate informational security practices, which allowed a hacker to access customer's security cameras."
| |
| |
Italy: Garante fines Credit Agricole Autobank €1M for unlawful processing of personal data of customers
OneTrust DataGuidance
"On August 9, 2024, the Italian data protection authority (Garante) published its decision no. 304 as issued on June 6, 2024, in which it imposed a fine of €1 Million on Credit Agricole Autobank SpA (CA Autobank) following violations of the General Data Protection Regulations (GDPR)."
| |
| |
|
National Public Data confirms massive data breach included Social Security numbers
USA TODAY
"Social Security numbers, addresses, email addresses and phone numbers were in the 2.9 billion records within a data breach. Security firm Pentester.com tool tells you if your data is involved."
| | |
|
FlightAware configuration error leaked user data for years
Bleeping Computer
"Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information."
| | |
In this episode of PrivacyCafé, Richard and Jade dive into the background and significance of the Becerra case, which challenges the HHS guidance on the usage of tracking technologies by medical providers. Throughout the episode, they provide practical advice for hospitals on using tracking technologies responsibly, discuss the potential impact on ongoing and future class action lawsuits, and offer actionable tips for medical providers to ensure compliance with data privacy regulations. |
| |
In this episode, Richard and Jade discuss France’s new data privacy law permitting AI video surveillance for the Paris Olympics and its implications. During their conversation, they explore broader concerns surrounding turning France into a surveillance state and the potential future application of similar technologies at other large-scale events. |
| |
Richard Sheinis
Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.
| | |
Jade Davis
Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.
| | |
Joseph Stepina
Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.
|
Lea McBryde
Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.
| | |
Savannah Avera
Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.
| | | | | |