Privacy & Information Security Law Blog

On October 12, 2022, the UK Information Commissioner's Office (“ICO”) launched a public consultation on its draft guidance on employers’ obligations when monitoring at work (“Draft Guidance”). In addition, the ICO has published an impact scoping document, which outlines some of the context and potential impacts of the Draft Guidance (“Impact Scoping Document”).

On September 27, 2022, California Governor Gavin Newsom signed into law a pair of bills designed to prevent medical information and other data held by California entities from being used in out-of-state abortion prosecutions. 

On October 11, 2022, the Biden-Harris Administration released an informational statement about the current Administrations’ progress in strengthening America’s national cybersecurity. The statement provides detail into several new initiatives and sets goals for America’s future in cybersecurity:

On October 13, 2022, the Interactive Advertising Bureau (“IAB”) released for public comment an updated version of its contractual framework and new U.S. State Signals (“Signals”) specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.

On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. 

On October 21 and October 22, 2022, the California Privacy Protection Agency (“CPPA”) Board will hold public meetings to discuss and take possible action, including adoption or modification of proposed regulations, to “implement, interpret, and make specific” the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 .

On October 4, 2022, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a white paper outlining 10 key recommendations for regulating artificial intelligence (“AI”) in Brazil (the "White Paper"). CIPL prepared the White Paper to assist the special committee of legal experts established by Federal Senate of Brazil (the “Senate Committee”) as it works towards an AI framework in Brazil.

On October 4, 2022, the White House Office of Science and Technology Policy (“OSTP”) unveiled its Blueprint for an AI Bill of Rights, a non-binding set of guidelines for the design, development, and deployment of artificial intelligence (AI) systems. 

On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States. The legal basis for transatlantic data transfers has been uncertain since 2020, when the European Court of Justice (“ECJ”) declared the previous framework, the EU-U.S. Privacy Shield, invalid under EU law. 

On October 3, 2022, the U.S. Department of Justice (“DOJ”) announced that the agreement between the U.S. Government and the UK Government on Access to Electronic Data for the Purpose of Countering Serious Crime (the “CLOUD Act Agreement”) entered into force, effective the same day. The CLOUD Act Agreement, which is authorized by the U.S. Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, is the first of its kind and will allow each country’s investigators to gain access to data held by service providers in the other country, for the purpose of combating serious crime. According to DOJ, this “will greatly enhance the ability of the United States and the United Kingdom to prevent, detect, investigate and prosecute serious crime, including terrorism, transnational organized crime, and child exploitation, among others.”