Data Privacy

The Federal Communications Commission (FCC) has formally proposed for public comments new net neutrality rules that—if adopted—will impact both internet service providers (ISPs) and the entities that provide content, applications, services and devices accessed over the internet (i.e., “edge providers”). The move comes only weeks after Chairwoman Jessica Rosenworcel obtained a Democratic majority with the swearing-in of Commissioner Anna Gomez on September 25, 2023.

For ISPs, the Notice of Proposed Rulemaking (NPRM) is deja vu. The NPRM largely tracks the net neutrality rules the FCC adopted in 2015, based on reclassifying broadband internet access (BIAS) as a telecommunications service under Title II of the Communications Act. As in 2015, the NRPM proposes prohibiting blocking and throttling lawful traffic (subject to a reasonable network management practice exception) and paid prioritization by third parties (i.e., paying ISPs to prioritize traffic routing). It also proposes to adopt a general conduct standard that would mimic the 2015 rules by prohibiting any unreasonable interference with an end user’s ability to use BIAS to access services or content or to use devices.Continue Reading Net Neutrality 2.0: The FCC Revives Net Neutrality Emphasizing Concerns with Data Privacy, Cybersecurity and National Security

Originally posted on Squire Patton Boggs’ Global IP and Technology blog by David Elkins.

The U.S. is generally viewed as “behind” in its regulation of AI compared to the European Union and Asian countries. Yet ChatGPT’s release triggered a tsunami of U.S. legislation in 2023 from federal and state legislators seeking to address perceived concerns with the emerging and fast evolving technology. State legislatures have introduced nearly 200 AI bills in 2023. Congress does not have nearly that number of AI bills, with about 30 bills tabled thus far. The various pieces of U.S. legislation – federal or state – seek to regulate both the creation of AI models and how those models may be used.Continue Reading Federal Policymakers: Chasing the Runaway AI Train

As courts throughout the country wrestle with Article III standing in Session Replay Code cases alleging violations of wiretapping laws, consumer protection statutes and privacy torts, another federal court from the Eastern District of Missouri has joined those recently holding that a plaintiff must allege the sharing of some type of personal or sensitive information on the website in question in order to adequately alleged a concrete harm supporting Article III standing. Where the plaintiff failed to do so, the Court found Plaintiff failed adequately allege a concrete harm and dismissed her putative class action complaint for lack of standing in Adams v. PSP Group, LLC, No. 4:22-CV-1210 RLW, 2023 WL 5951784, — F. Supp.3d —- (E.D. Mo. September 13, 2023).Continue Reading Missouri Federal Court Declines to Transfer Case to Join Session Replay Class Actions in Washington and Dismisses Case for Plaintiff’s Failure to Allege Standing

Following Europe’s lead, 12 states now, or soon will, require personal data practice assessments be conducted and documented, and be available for inspection (and California is considering mandatory filing requirements). Potential fines for noncompliance could be significant. The risks of other regulated or high-risk data practices like artificial intelligence, children’s data processing and digital health data

We are pleased to announce that Alan Friel and Julia Jacobson will be speaking in an upcoming Strafford live video webinar, Consumer Data Transfers Under New Privacy Laws: Contracting Requirements; Due Diligence; Vendor Management, Best Practices for Drafting and Modifying Documents to Ensure Continued Compliance With Ever-Evolving Privacy Laws on Tuesday, October 10, 2023 from

Since our July 13 post about the European Commission’s formal adoption of the EU-U.S. Data Privacy Framework (EU DPF), members of our Data Privacy, Cybersecurity & Digital Assets Practice have been hard at work helping clients prepare for and complete the certification process. We prepared for our readers answers to some of the most frequently asked questions we have received over the past few months.Continue Reading You have Questions, We have Answers: Data Privacy Framework FAQs

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Fewer Clouds on … Cloud: The EU to (Finally) Drop Most Data Localisation Requirements in the EUCS | Privacy World

According to the latest draft of the EU cybersecurity certification scheme for cloud services (EUCS), dated August 2023 (leaked by POLITICO), the data localisation requirement, which was heavily criticised by the industry, will now apply only to the highly critical “high+” level. Data localisation would, should the EUCS be approved as such, not apply to the category 3 (“high”) level. This might not be the end of a debate that has run wild between industry (with major cloud providers unkeen with the idea) on one side and some member states defending some level of sovereignty, such as France, Italy and Spain, and EU institutions (such as the European Data Protection Board and ENISA) on the other one.Continue Reading Fewer Clouds on … Cloud: The EU to (Finally) Drop Most Data Localisation Requirements in the EUCS

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Generative AI New Provisional Measures | Privacy World

Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy

As many of our readers know, keeping up with new developments in the privacy landscape is sometimes like drinking from a firehose. With respect to privacy enforcement, particularly in California and Colorado, the hose was turned on June 30th and has been running all summer long. This barrage of information has left unanswered questions for many. What does the delay in enforcement of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA) (together, CCPA) regulations really mean? What am I required to comply with as of today? What are regulators already focusing on in their privacy enforcement efforts this summer?Continue Reading Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy Regulators