Data Privacy

Today at a panel before the International Association of Privacy Professionals (“IAPP”) – Europe Data Protection Congress in Brussels, leading European Union (“EU”) data protection authority commissioners cast doubt on the notion that there could ever be a lawful basis for targeted advertising based on behavioral profiling, referred to often as interest-based advertising (“IBA”).Continue Reading Privacy Challenges for Digital Advertising, Particularly in Europe


The Online Safety Act (“OSA”) aims to make the internet a safer place, protecting adults and children from illegal and harmful content by making online service providers such as social media companies more accountable for content published on their sites[1]. Despite the positive intentions, the OSA may have unintended consequences. In particular, service providers will face the difficult task of balancing the duty to protect users from illegal and harmful content against the duty to protect freedom of expression.

The OSA became law on 26 October 2023.Continue Reading The Online Safety Act: Does this present a difficult balancing act for online service providers?

In November 2023, the National Commission on Informatics and Liberty (CNIL), the French data protection authority, has announced having issued 10 new sanctions under its new simplified procedure following complaints with respect to geolocation of vehicles and video surveillance of employees, data minimization, right to object and lack of response to CNIL requests.

The New

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Two Significant AI Announcements:  Spooky for AI Developers? | Privacy World

Last Chance to Register for In-Person CLE: The Important

According to the 2023 ACC CLO Survey, legal teams are facing unique and growing data-related challenges in this ever-changing regulatory and threat landscape. Data requirements for privacy and compliance continue to become more complex and confusing and the risk of resulting litigation continues to rise.

Join team SPB, in partnership with Exterro, in a

We have limited places left at our in-person roundtable which will gather a select group of industry leaders to enable a high-level discussion focused on the legal and public policy challenges surrounding the EU’s proposed Artificial Intelligence Act, AI Code of Conduct and AI Pact. This will be an opportunity to discuss shared issues and

Last week, the House of Representatives’ Committee on Energy and Commerce kicked off its first in a series of hearings surrounding the burgeoning topic of artificial intelligence (AI) with a hearing titled “Safeguarding Data and Innovation: Building the Foundation for the Use of Artificial Intelligence.”

While this was the first AI-focused Energy and Commerce hearing

Data breaches are an all-too-familiar issue, affecting businesses of all sizes and across all industries. Beyond dealing with the operational and reputational impacts and other resulting fallouts of a data breach, businesses also face enhanced class action litigation risk.

A recent high-profile case serves as a valuable reminder that companies should consider reliance upon a well-established mechanism of mitigating class action litigation risk. In In re Marriott International, Inc., Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023), the Fourth Circuit Court of Appeals reversed the district court’s certification order in a data breach class action dispute due to the effect of a class action waiver signed by all putative class members. The Marriott decision demonstrates how class action waivers can be utilized as a core strategy for mitigating heightened data breach litigation risks.Continue Reading Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers

The Federal Communications Commission (FCC) has formally proposed for public comments new net neutrality rules that—if adopted—will impact both internet service providers (ISPs) and the entities that provide content, applications, services and devices accessed over the internet (i.e., “edge providers”). The move comes only weeks after Chairwoman Jessica Rosenworcel obtained a Democratic majority with the swearing-in of Commissioner Anna Gomez on September 25, 2023.

For ISPs, the Notice of Proposed Rulemaking (NPRM) is deja vu. The NPRM largely tracks the net neutrality rules the FCC adopted in 2015, based on reclassifying broadband internet access (BIAS) as a telecommunications service under Title II of the Communications Act. As in 2015, the NRPM proposes prohibiting blocking and throttling lawful traffic (subject to a reasonable network management practice exception) and paid prioritization by third parties (i.e., paying ISPs to prioritize traffic routing). It also proposes to adopt a general conduct standard that would mimic the 2015 rules by prohibiting any unreasonable interference with an end user’s ability to use BIAS to access services or content or to use devices.Continue Reading Net Neutrality 2.0: The FCC Revives Net Neutrality Emphasizing Concerns with Data Privacy, Cybersecurity and National Security

Originally posted on Squire Patton Boggs’ Global IP and Technology blog by David Elkins and Stacy Swanson.

The U.S. is generally viewed as “behind” in its regulation of AI compared to the European Union and Asian countries. Yet ChatGPT’s release triggered a tsunami of U.S. legislation in 2023 from federal and state legislators seeking to address perceived concerns with the emerging and fast evolving technology. State legislatures have introduced nearly 200 AI bills in 2023. Congress does not have nearly that number of AI bills, with about 30 bills tabled thus far. The various pieces of U.S. legislation – federal or state – seek to regulate both the creation of AI models and how those models may be used.Continue Reading Federal Policymakers: Chasing the Runaway AI Train