Photo of Julia Jacobson

Julia Jacobson

Online privacy and safety of children and teens are hot legislative topics this year. In a companion post we provide an update of federal and state legislative efforts to fundamentally change how online content and advertising are delivered to children and teens. We have previously discussed legislation in California and Connecticut to require assessments of online privacy impacts on minors. In this post we focus on proposed regulatory and legislative changes to the 1998 Children’s Online Privacy Protection Act (COPPA) (effective in 2000) and its corresponding regulations (COPPA Rule), which were last updated in 2013.Continue Reading Federal Children’s Privacy Requirements to Be Updated and Expanded

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The first month of 2024 brought two new state privacy laws. On January 18, the New Hampshire legislature passed the 15th US state consumer privacy law (notably, still subject to some procedural requirements and signature by Governor Chris Sununu before it is officially law). The New Hampshire law was passed a few days after New Jersey’s new consumer privacy law (Approved P.L.2023, c.266) was signed into law on January 16. 

Both new state consumer privacy laws follow the now-familiar format, offering consumer privacy rights and requiring role-based data processing agreements, but with a few notable differences. A more detailed comparison follows.Continue Reading New Jersey and New Hampshire Pass Consumer Privacy Laws – and 11 Other States Are Considering Similar Laws

Most U.S. public companies are gearing up to prepare and file their annual reports (Forms 10-K) between February 29th and April 1st.  This year’s preparations will be busier because the Regulations on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (Cyber Risk Regulations) issued by the Securities and Exchange Commission’s (SEC) are now in force. Continue Reading FBI and DOJ Issue Guidance on SEC Incident Reporting Delay Requests

On Devil’s Night Day, two significant AI developments were announced. First, the White House’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (“AI EO”)Second, the Group of 7 (“G-7”) announced its International Guiding Principles on Artificial Intelligence (“G-7 Principles”) and companion Code of Conduct for AI Developers (“G-7 Code”). All are three broad strokes – the devil will be in the details. 

Following is a short summary of each but please check back soon for more analysis and key takeaways for businesses and their AI governance programs.Continue Reading Two Significant AI Announcements:  Spooky for AI Developers?

Mr. Philippe Latombe, a French member of Parliament, beat privacy activist Max Schrems to the punch! Despite Mr. Schrems’ many statements against the EU-US Data Privacy Framework (DPF), Mr. Latombe was the first to file a request in the EU’s General Court to seek the annulment of the DPF and, separately, an interim measure to suspend

The UK government has published its “adequacy decision” to allow transfers of personal data from the UK to U.S. businesses that have completed certification to the EU-U.S. Data Privacy Framework (DPF). The UK’s adequacy decision creates a “UK Extension” to the DPF that takes effect on October 12, 2023, a little more than three months after the EU’s adoption of DPF. (Please see our DPF FAQS for more information about DPA.)Continue Reading The UK Adequacy Decision for the EU-U.S. Data Privacy Framework

Since our July 13 post about the European Commission’s formal adoption of the EU-U.S. Data Privacy Framework (EU DPF), members of our Data Privacy, Cybersecurity & Digital Assets Practice have been hard at work helping clients prepare for and complete the certification process. We prepared for our readers answers to some of the most frequently asked questions we have received over the past few months.Continue Reading You have Questions, We have Answers: Data Privacy Framework FAQs

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

With Gov. Abbot’s recent signing of the Securing Children Online through Parental Empowerment Act (SCOPE Act), Texas joins Arkansas and Utah (see our blogs here and here) in requiring age verification and parental consent before allowing minors to create accounts on social media platforms. Two key differences among these laws are (i) the SCOPE Act’s scope, which is broader than the other two state laws; and (ii) the duty imposed by the SCOPE Act to prevent harm to minors by preventing their exposure to “harmful material.”  To define “harmful material,” the SCOPE Act borrows from a different Texas law which defines it as material that “taken as a whole” (i) appeals to the prurient interest of a minor in sex, nudity, or excretion, (ii) is patently offensive to prevailing standards in the adult community as a whole with respect to what is suitable for minors, and (iii) is utterly without redeeming social value for minors.Continue Reading Texas Two-Steps into the Childrens Privacy Dance: The Securing Children Online through Parental Empowerment Act