Privacy & Information Security Law Blog

On October 22, 2024, the Securities and Exchange Commission charged four public companies with making materially misleading disclosures about cybersecurity risks and intrusions.

On October 31, 2024, the UK Information Commissioner’s Office published its response to the draft Data (Use and Access) Bill.

On October 24, 2024, the Irish Data Protection Commission announced that it had issued a fine of 310 million euros against LinkedIn Ireland Unlimited Company for breaches of the EU GDPR related to transparency, fairness and lawfulness in the context of the company’s processing of its users’ personal data for behavioral analysis and targeted advertising.

On October 4, 2024, the Court of Justice of the European Union (“CJEU”) issued its judgment in case KNLTB (C‑621/22). In this judgment, the CJEU was called upon to clarify the concept of “legitimate interests” and, in particular, whether purely commercial interests can be considered as legitimate under the EU General Data Protection Regulation (“GDPR”).

The U.S. Government Accountability Office has launched an investigation into how retirement plan providers use data collected from 401k plan participants to engage in cross-selling of financial products.

On October 23, 2024, the UK government introduced the draft Data (Use and Access) Bill to the House of Lords. 

On October 21, 2024, the U.S. Department of Justice National Security Division issued a Notice of Proposed Rulemaking implementing Executive Order 14117 that will restrict certain transactions with high-risk countries.

On October 22, 2024, the Consumer Financial Protection Bureau finalized a rule concerning the portability of consumers’ personal financial data.

On October 15, 2024, the U.S. Court of Appeals for the Second Circuit vacated the dismissal of a proposed class action against the National Basketball Association under the Video Privacy Protection Act, holding that the named plaintiff successfully pled that he was a “consumer” protected by the Act by virtue of his subscription to the Defendant’s online newsletter.

On October 16, 2024, the Federal Trade Commission issued a final Click-to-Cancel Rule, also known as the Negative Option Rule, updating its existing regulatory scheme that requires sellers to make it as easy for consumers to cancel their subscriptions and memberships as it is to sign up in the first place.