On September 25, 2020, the District Court of New Mexico granted Google’s motion to dismiss a lawsuit filed on February 20, 2020, by New Mexico Attorney General Hector Balderas alleging, among other claims, that the company violated the federal Children’s Online Privacy Protection Act (“COPPA” or the “Act”) by using G Suite for Education to “spy on New Mexico students’ online activities for its own commercial purposes, without notice to parents and without attempting to obtain parental consent.”
On September 24, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth (“CIPL”) released a new paper (the “Paper”) on the Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision.
The Centre for Information Policy Leadership at Hunton Andrews Kurth (“CIPL”) recently published a concept paper titled Why We Need Interstate Privacy Rules for the U.S.
The paper acknowledges the possibility that the U.S. may not implement a comprehensive federal privacy law in the near future, and that instead a growing patchwork of state laws will emerge. It proposes an interstate privacy interoperability code of conduct or certification as a solution to the possibility of inconsistent and disparate privacy requirements across the U.S. The paper outlines the benefits and key features of the code, as well as potential models and sources for its structure and substantive rules, such as the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (“APEC CBPR”), ISO standards, existing state privacy laws, the EU General Data Protection Regulation (“GDPR”) and key federal privacy proposals. It also discusses the process that could be used to develop the code.
On September 28, 2020, the U.S. Department of Commerce, along with the U.S. Department of Justice and the Office of the Director of National Intelligence, released a White Paper entitled Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II (the “White Paper”). The White Paper outlines privacy safeguards in and updates to the U.S. surveillance provisions flagged by the Court of Justice of the European Union (“CJEU”) in its Schrems II decision. It is intended to serve as a resource for companies transferring personal data from the EU to the U.S. in the wake of the CJEU’s decision overturning the EU-U.S. Privacy Shield. Particularly, it focuses on companies relying on Standard Contractual Clauses (“SCCs”) for data transfers, and provides information to help them determine whether the U.S. ensures adequate privacy protections for companies’ data.
In an op-ed recently published by The Richmond Times-Dispatch, former Governor of Virginia and Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton Andrews Kurth Terry McAuliffe discusses why a U.S. federal privacy law is essential to economic recovery in the wake of the COVID-19 pandemic. McAuliffe highlights how the U.S., unlike other countries, lacks a comprehensive privacy law.
On September 21, 2020, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $1.5 million settlement with Athens Orthopedic Clinic PA (“Athens Orthopedic”) for alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules.
On September 17, 2020, Senator Roger Wicker (MS), Chairman of the Senate Commerce Committee, along with Senators John Thune (SD), Deb Fischer (NE) and Marsha Blackburn (TN) introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act (“the Bill”). The Bill marks an official introduction of an update of Senator Wicker’s draft United States Consumer Data Privacy Act of 2019, which was circulated last November.
On September 18, 2020, the U.S. Department of Commerce (“Commerce”) announced detailed sanctions relating to the mobile applications WeChat and TikTok. These prohibitions were issued in accordance with President Trump’s Executive Orders issued on August 6, 2020, imposing economic sanctions against the platforms under the International Emergency Economic Powers Act (50 U.S.C. § 1701 et seq.) and the National Emergencies Act (50 U.S.C. § 1601 et seq.). These orders, if they become fully effective, will (1) prohibit mobile app stores in the U.S. from permitting downloads or updates to the WeChat and TikTok mobile apps; (2) prohibit U.S. companies from providing Internet backbone services that enable the WeChat and TikTok mobile apps; and (3) prohibit U.S. companies from providing services through the WeChat mobile app for the purpose of transferring funds or processing payments to or from parties. The sanctions do not target individual or business use of the applications but are expected to degrade the ability of persons in the United States to use the apps for the purposes they were designed to serve.
On September 18, 2020, as confirmed by Brazilian firm Mattos Filho, Veiga Filho, Marrey Jr. e Quiroga Advogados, Brazil’s President signed a bill from Brazil’s Congress bringing the new Brazilian data protection law (Lei Geral de Proteção de Dados Pessoais, “LGPD”) into effect with a retroactive applicability date of August 16, 2020. The LGPD’s sanctions provisions will apply beginning August 1, 2021, based on a previous delay passed by Brazil’s legislature. As we previously reported, on August 26, 2020, Brazil’s Senate had unexpectedly rejected the ...
On September 15, 2020, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) announced five more settlements under its HIPAA Right of Access Initiative. The OCR announced its Right of Access Initiative in 2019, promising vigorous enforcement of HIPAA’s access rules. The five newly announced settlements bring OCR's total to seven completed enforcement actions under the Right of Access Initiative.
Search
Recent Posts
- Department of Defense Issues Final Rule Implementing Contractor Requirements to Safeguard Sensitive Information
- California Privacy Protection Agency Defends Broad Authority to Investigate Potential CCPA Violations
- Qantas Airways Cuts Executive Pay After Cyber Incident: A Governance Signal for the Industry
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- Age Appropriate Design Code
- Age Verification
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Audit
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Consumer Rights
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Protection Officer
- Data Transfer
- David Dumont
- David Vladeck
- Deceptive Trade Practices
- Delaware
- Denmark
- Department of Commerce
- Department of Defense
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Design
- Digital Markets Act
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DORA
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Electronic Protected Health Information
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- Financial Data
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Geolocation Data
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Large Language Model
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Louisiana
- Madrid Resolution
- Maine
- Malaysia
- Maryland
- Massachusetts
- Meta
- Mexico
- Michigan
- Microsoft
- Minnesota
- Missouri
- Mobile
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- North Dakota
- North Korea
- Norway
- Obama Administration
- OCPA
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Online Behavioral Advertising
- Online Privacy
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Poland
- PRISM
- Privacy By Design
- Privacy Notice
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Profiling
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk Assessment
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Salesforce
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Sensitive Data
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- States Attorney General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code