Privacy & Information Security Law Blog

New ANPD resolution establishes rules and procedures for international data transfers. Brazilian firm Mattos Filho reports on the new rules.

On September 10, 2024, the European Commission and the European Data Protection Board issued a press release stating that they would be cooperating to develop guidance regarding the interplay between the Digital Markets Act and the General Data Protection Regulation.

On September 10, 2024, the UK Information Commissioner’s Office announced that it signed a memorandum of understanding with the UK National Crime Agency related to cyber resilience.

On August 30, 2024, the Federal Trade Commission announced a proposed settlement with Verkada, a security camera firm, in connection with alleged data security failures and CAN-SPAM Act violations. Under the proposed order, Verkada will be required to implement a comprehensive information security program and pay a $2.95 million monetary penalty.

On August 30, 2024, the Beijing Municipal Internet Information Office, Beijing Municipal Commerce Bureau and Beijing Municipal Government Services and Data Administration Bureau jointly issued the Data Export Management List (Negative List) of China (Beijing) Pilot Free Trade Zone (Version 2024) and the Administrative Measures for the Negative List.

On September 3, 2024, the Dutch Data Protection Authority announced a €30.5 million fine against Clearview AI for the processing of personal data related to its biometric data database.

On September 4, 2024, the Irish High Court dismissed proceedings against X related to X’s use of personal data for its AI tool Grok.

On August 28, 2024, the FCC announced that it signed a Memorandum of Understanding on Cooperation in the Enforcement of Laws Protecting Personal Information in the Private Sector with the Office of the Privacy Commissioner of Canada.

On August 26, 2024, the Dutch Data Protection Authority as lead supervisory authority announced it has imposed a fine of 290 Million Euros on Uber related to a violation of international transfer requirements under the EU General Data Protection Regulation. 

As reported on the Hunton Retail Law resource blog, on August 2, 2024, Illinois amended its Biometric Information Privacy Act (“BIPA”), curbing the potential for massive damages and modernizing the law’s written consent provisions. On their face, the amendments are not retroactive.  It remains unclear, however, whether this change in Illinois law will nonetheless be applied retroactively by the courts.

For more information click here.