Privacy & Information Security Law Blog

Last week, the House Energy and Commerce Committee advanced the Kids Online Safety Act (H.R. 7891) and the Children and Teen’s Online Privacy Protection Act (H.R. 7890).

On September 4, 2024, the California Privacy Protection Agency issued an Enforcement Advisory on Avoiding Dark Patterns: Clear and Understandable Language, Symmetry in Choice.

On September 12, 2024, the Irish Data Protection Commission announced it had launched a cross-border statutory inquiry into Google Ireland Limited in relation to Google’s data protection impact assessment obligations under the Irish Data Protection Act.

On September 10, 2024, the U.S. District Court for the District of Utah issued an Order granting a Motion for a Preliminary Injunction, prohibiting the Utah Attorney General from implementing and enforcing the Utah Minor Protection in Social Media Act, which was set to take effect October 1, 2024.

On August 29, 2024, the California State Assembly passed California bill AB-1949, following the bill’s passage in the California State Senate, and AB 1949 is currently awaiting approval by Governor Newsom. If enacted, AB-1949 would amend the California Consumer Privacy Act (as amended by the California Privacy Rights Act) to significantly expand privacy protections concerning the personal information of consumers under the age of 18.

On August 16, 2024, a Ninth Circuit panel partially upheld an injunction halting implementation of the California Age-Appropriate Design Code Act (the “Act”). In particular, the Ninth Circuit affirmed the district court’s ruling that NetChoice, a technology trade group, was likely to succeed in showing that the Act’s data protection impact assessment (“DPIA”) requirements violate the First Amendment. Under the DPIA requirements, covered businesses would have been required to identify material risks to children under the age of 18, document and mitigate those risks before such children access an online service, product or feature, and provide the DPIA to the California Attorney General upon written request.

New ANPD resolution establishes rules and procedures for international data transfers. Brazilian firm Mattos Filho reports on the new rules.

On September 10, 2024, the European Commission and the European Data Protection Board issued a press release stating that they would be cooperating to develop guidance regarding the interplay between the Digital Markets Act and the General Data Protection Regulation.

On September 10, 2024, the UK Information Commissioner’s Office announced that it signed a memorandum of understanding with the UK National Crime Agency related to cyber resilience.

On August 30, 2024, the Federal Trade Commission announced a proposed settlement with Verkada, a security camera firm, in connection with alleged data security failures and CAN-SPAM Act violations. Under the proposed order, Verkada will be required to implement a comprehensive information security program and pay a $2.95 million monetary penalty.