In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Data Protection Impact Assessments: Are You Ready? | Privacy World
This year has widened the landscape of consumer privacy protections, with dozens of comprehensive privacy bills moving through state legislatures and becoming enacted. So far in 2023, Iowa’s Act Relating to Consumer Data Protection (“Iowa Privacy Law”) and Indiana’s Consumer Data Protection Act (“ICDPA”) were signed into law. These two laws join the Virginia Consumer Data Protection Act (“VCDPA”), California Privacy Rights Act (“CPRA”), Colorado Privacy Rights Act (“CPA”), Connecticut’s Public Act No. 22-15 (“CTPA”), and Utah Consumer Privacy Act (“UCPA”) in the state comprehensive consumer privacy law framework. The Iowa Privacy Law becomes effective on January 1, 2025, and the ICDPA becomes effective on July 1, 2026. The VCDPA and CPRA (amending the California Consumer Privacy Act or “CCPA”) went into effect on January 1, 2023, while the CPA and CTPA go into effect on July 1, 2023. The UCPA will go into effect December 31, 2023.
Continue Reading Data Protection Impact Assessments: Are You Ready?
On May 18th, Scott Warren, Partner, Tokyo/Shanghai, will be speaking at the Legal Plus 3rd Annual Asia International Arbitration and Competition Law Summit held in Hong Kong on the topic “China’s New Personal Data Export Restrictions: Are You Ready?” Scott is speaking from 2:40-3:00 p.m. Hong Kong time on the challenges
Stephanie Faber will be speaking at the 3rd Annual France-Singapore Symposium on Law and Business which will take place in Paris on May 11-12, 2023.
The symposium is organized by the Singapore Academy of Law, Embassy of France in Singapore in collaboration with Paris Bar, the Université Paris 1 Panthéon-Sorbonne, the Asian Business Law
Florida is the latest state to pass a consumer privacy bill, pending Governor DeSantis’ signature, that will go into full effect on July 1, 2024.
While the Florida Digital Bill of Rights found in S.B. 262 provides similar rights as the other state laws going into effect, it also differs in important and significant ways. The primary difference is the definition of a “controller.” A controller must have $1 billion in global gross revenue (a significant departure from the $25 million dollar requirement in other states), and at least one of the following: i) 50% of global gross revenue coming from the sale of advertisements online; ii) operates a consumer smart speaker and voice command service; or iii) operates an app store or digital distribution platform with at least 250,000 different software applications. Based on these threshold requirements, most of the bill is clearly intended to target only a select group of businesses. However, there are obligations placed on businesses that don’t meet the full definition of a controller in Section 501.715, as we discuss below.
Continue Reading Florida Joins the Privacy Pack with an Opt-In to Sale of Sensitive Data
On May 8, 2023, the Online Criminal Harms Bill[1] (Bill) was introduced for its first reading in Singapore’s Parliament.
The Bill empowers a competent public authority[2] to issue any of five distinct types of directions:
Continue Reading Singapore Introduces New Law to Order Removal, Blocking of Harmful Online Content
A growing area of privacy litigation concerns claims brought under federal and state wiretapping laws against website operators. In many of those cases, plaintiffs allege that their personal information was improperly intercepted and disclosed to third parties, including in relation to information purportedly provided through a website’s chat feature. Last month, a federal court in
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
2023 has swiftly become the year of the U.S. National Cybersecurity Strategy. On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”), on April 13.
Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase. In addition to the CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware. Below, we break down what the Report means for the tech sector.Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default
Today the Seventh Circuit issued a ruling which affirmed the dismissal of claims filed under Illinois’s Genetic Information Privacy Act. Bridges, et al. v. Blackstone, Inc., No. 22-2486 (7th Circ. 2023). Because this decision limits in most instances the circumstances under which claims could be brought under the statute in the context of a