US

The Biden Administration has announced the rollout of the “cybersecurity label for interconnected devices, known as the U.S. Cyber Trust Mark.” The voluntary program, which will allow providers of certain such devices to label their products with the Mark, comes after the Federal Communications Commission (FCC) approved final rules and implementing framework that will

Join SPB’s Julia Jacobson and Sasha Kiosse for a Strafford webinar on Data Privacy and Security Programs: Policies, Practices, Requirements, Latest Developments, Compliance Updates, taking place next week on Tuesday, December 17, from 1:00 pm to 2:30 pm EST.Continue Reading Join Us for a Strafford Webinar on Data Privacy and Security Programs

Nineteen states have followed the lead of California and passed consumer privacy laws.  Three went into effect this year and eight will become effective in 2025.  The remainder become effective in 2026.  Charts at the end of this post track effective dates (see Table 1) and applicability thresholds (see Table 2).  While there are many similar aspects to these laws, they also diverge from each other in material ways, creating a compliance challenge for organizations. In addition, there are other privacy laws pertaining specifically to consumer health data,[1] laws specific to children’s and minors’ personal data and not part of a comprehensive consumer privacy law,[2] AI-specific laws,[3] or laws, including part of overall consumer privacy laws, regulating data brokers[4] that enterprises need to consider. 

A recent article published by the authors in Competition Policy International’s TechReg Chronical details the similarities and differences between the 20 state consumer privacy laws and a chart at the end of this post provides a quick reference comparison of these laws (see Table 3).Continue Reading Are You Ready for The Latest U.S. State Consumer Privacy Laws?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

The Federal Communications Commission (FCC) recently issued four orders imposing $196 million in fines against the three largest national mobile services providers in the United States (i.e., AT&T, T-Mobile, and Verizon) and Sprint, who merged with T-Mobile in 2020 (the “Mobile Providers”).[1] The FCC fined them for sharing customer location information with third parties without prior customer consent and then failing to take reasonable measures to protect that information against unauthorized disclosure. Although AT&T, T-Mobile, and Verizon suspended in 2019 the specific programs that gave rise to the fines, the Forfeiture Orders stand as the definitive guidance from the FCC on the treatment of customer location information under Section 222 of the Communications Act and the FCC’s rules regulating access to “customer proprietary network information” or “CPNI.” They also provide a window into upcoming debates and possible additional FCC actions.Continue Reading FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight

The recently released discussion draft of the American Privacy Rights Act rejects the opt-out approach to targeted advertising in 17 state consumer privacy laws, and instead requires express affirmative opt-in consent for tailoring online ads based on a specific viewer’s interests and activities, akin to the prevailing European approach.  In a guest post published earlier

1. Introduction

The Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law has been concluded by the Council of Europe (CoE) Committee on Artificial Intelligence on March 24, 2024, finally landing a decisive blow with a provisional agreement on the text of a treaty on artificial intelligence and human rights (Treaty).

This Treaty is the first of its kind and aims to establish basic rules to govern AI that safeguard human rights, democratic values and the rule of law among nations. As a CoE treaty, it is open for ratification by countries worldwide. It is worth noting that in this epic battlefield, apart from the CoE members in one corner of the global arena, on the opposite corner, representing various nations like the US, the UK, Canada and Japan, we have the observers, eyeing the proceedings, ready to pounce with their influence. Although lacking voting rights, their mere presence sends shockwaves through the negotiating ring, influencing the very essence of the Treaty.Continue Reading Heavyweight Fight, Did the US or EU KO the AI Treaty?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Finalizes New Regulations to Relax Personal Data Exports from China | Privacy World

Squire Patton Boggs Lawyers to Present