SHARE:  

SEPTEMBER 2024

DATA ROUNDUP

In the past month, legal and regulatory updates regarding children’s privacy have surged across the United States. From California’s ongoing amendments to the California Consumer Privacy Act aimed at enhancing protections for minors to recent court rulings and proposed regulations in other states, the landscape of children’s online privacy is rapidly evolving. This article provides a detailed recap of the most significant developments, including the California Age-Appropriate Design Code Act of 2022, recent actions by the U.S. Department of Justice and Federal Trade Commission against TikTok for alleged COPPA violations, and new child privacy rulemaking initiatives in New York. As these updates unfold, they underscore the ongoing tension between protecting children’s privacy and balancing other constitutional rights, such as free speech.

Read the Blog

In August 2024, global data privacy saw major shifts with new cross-border agreements like the EU-Japan EPA, Brazil’s landmark injunction on WhatsApp, a sizeable fine against Uber, and China’s identity authentication measures. Sector-specific protections tightened, especially for children’s privacy in the U.K. and facial recognition in Denmark, while formal guidance from Brazil and India clarified compliance in an evolving digital landscape.

As we move toward the end of 2024, it seems the time is right for an update of AI statutory developments so far this year. While the EU has once again set the standard with the EU AI Act, the 30,000-foot view in the U.S. is that while there is a lot of talk there is not a lot of action. As the case has been with the failure of Congress to pass meaningful, comprehensive data privacy legislation, it has failed to pass any meaningful AI legislation.

Read the Blog
Read the Blog

LEGISLATIVE & REGULATORY UPDATE

Attorney General Ken Paxton Sues General Motors for Unlawfully Collecting Drivers' Private Data and Selling It To Several Companies, Including Insurance Companies

Ken Paxton

"The investigation was part of a broad data privacy and security initiative launched by Attorney General Paxton in June 2024 to ensure that companies respect Texans' privacy rights and enforce privacy protection laws."

Read Full Article

Attorney General Formella Announces Creation of New Data Privacy Unit

New Hampshire DOJ

"Attorney General John M. Formella announces the creation of a new Data Privacy Unit (the "Unit") to be housed within the Consumer Protection and Antitrust Bureau of the New Hampshire Attorney General's Office. The Unit will be primarily responsible with enforcing compliance with RSA 507-H (the "New Hampshire Data Privacy Act" or the "Act")."

Read Full Article

California passes landmark bill requiring easier data sharing opt outs for consumers

The Record

"California legislators on Wednesday passed a bill which requires internet browsers and mobile operating systems to allow consumers to easily opt out from the sharing and selling of their private data with websites which use it for targeted advertising. "

Read Full Article

ENFORCEMENT ACTIONS

Dutch SA imposes a fine of 290 million euro on Uber because of transfers of drivers' data to the US

European Data Protection Board

"The Dutch Supervisory Authority (SA) started the investigation on Uber after more than 170 French Uber drivers complained to the French human rights interest group LDH, which subsequently submitted a complaint to the French SA. The French SA forwarded the complaints to the Dutch SA, which is the lead Supervisory Authority for Uber."

Read Full Article

FTC Takes Action Against Security Camera Firm Verkada over Charges it Failed to Secure Videos, Other Personal Data and Violated CAN-SPAM Act

Federal Trade Commission

"The Federal Trade Commission will require security camera firm Verkada to develop and implement a comprehensive information security program to settle allegations the company failed to use appropriate informational security practices, which allowed a hacker to access customer's security cameras."

Read Full Article

Italy: Garante fines Credit Agricole Autobank €1M for unlawful processing of personal data of customers

OneTrust DataGuidance

"On August 9, 2024, the Italian data protection authority (Garante) published its decision no. 304 as issued on June 6, 2024, in which it imposed a fine of €1 Million on Credit Agricole Autobank SpA (CA Autobank) following violations of the General Data Protection Regulations (GDPR)."

Read Full Article

BREACH REPORT

National Public Data confirms massive data breach included Social Security numbers

USA TODAY

"Social Security numbers, addresses, email addresses and phone numbers were in the 2.9 billion records within a data breach. Security firm Pentester.com tool tells you if your data is involved."

Read Full Article

FlightAware configuration error leaked user data for years

Bleeping Computer

"Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information."

Read Full Article

PODCAST PORTAL

In this episode of PrivacyCafé, Richard and Jade dive into the background and significance of the Becerra case, which challenges the HHS guidance on the usage of tracking technologies by medical providers. Throughout the episode, they provide practical advice for hospitals on using tracking technologies responsibly, discuss the potential impact on ongoing and future class action lawsuits, and offer actionable tips for medical providers to ensure compliance with data privacy regulations.

Listen Now

In this episode, Richard and Jade discuss France’s new data privacy law permitting AI video surveillance for the Paris Olympics and its implications. During their conversation, they explore broader concerns surrounding turning France into a surveillance state and the potential future application of similar technologies at other large-scale events.

Listen Now

MEET OUR TEAM

Richard Sheinis


Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.

Jade Davis


Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.

Joseph Stepina


Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.



Lea McBryde


Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.


Savannah Avera


Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.

Web      LinkedIn      Instagram      Facebook