“Browsing and location data are sensitive . . .. Full stop”
Data Law Insights
by Laura Foggan, Jacob Canter and Branden Nikka
2w ago
“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis of complaints the FTC filed against Avast, X-Mode Social, and InMarket. A March 4, 2024 FTC blog post titled FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket describes why these three companies’ collection of consumers’ browsing and location data raised concerns for the agency, and looks at two other data gove ..read more
Visit website
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
Data Law Insights
by Evan D. Wolff, Michael G. Gruden, CIPP/G, Maida Oringher Lerner, Nkechi Kanu, Jacob Harrison and Alexis Ward
3M ago
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during DoD contract performance will be covered by this regulation. While the CMMC program builds upon the security requirements included in Defense Federal Acquisition Regulation Supplem ..read more
Visit website
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Data Law Insights
by Evan D. Wolff, Daniel Zelenko, Matthew B. Welling, Jennie Wang VonCannon, William J. Bruno, Alexander Urbelis, Anand Sithian, Garylene “Gage” Javier and Neda Shaheen
3M ago
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public ..read more
Visit website
European Parliament Adopts Final EU Data Act
Data Law Insights
by Yung Shin Van Der Sype, Sari Depreeuw and Maarten Stassen
4M ago
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to shape Europe’s digital future (see our earlier posts here and here). The widespread use of internet-connected products (the so-called Internet of things or “IoT”) has notably increased the volume and potential value of data for consumers, businesses, and society at large. Recognizing that barriers to data sharing hinder optimal data allocation for societa ..read more
Visit website
European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
Data Law Insights
by Maarten Stassen, Sari Depreeuw and Yung Shin Van Der Sype
4M ago
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized rules on artificial intelligence (commonly known as the AI Act Proposal). Although the EDPS does not supervise the private sector, it plays an influential role in both the European and global regulatory community and this new opinion is, thus, a valuable addition to the current legislative debate. The AI Act Proposal was published ..read more
Visit website
Catch Up Fast: The “Data Days” of Summer in China
Data Law Insights
by Kate Growley, Evan Chuck and Zhiwei Chen
7M ago
The summer has been anything but slow in the People’s Republic of China. China is leaning into its regulation of emerging technologies, while attempting to strike a balance with its domestic economic priorities. In just the past few weeks, state authorities have issued a slew of draft measures and announced new initiatives – all with significant ramifications for businesses processing data within the PRC. From personal information processing to facial recognition to cross-border data transfers, what follows is a highlight reel of what you may have missed while you were away on vacation, with t ..read more
Visit website
The Future is Here: Senate Judiciary Committee’s Oversight of AI and Principles for Regulation
Data Law Insights
by Neda Shaheen, Jacob Canter, Aaron Cummings and Tim Shadyac
8M ago
On July 25, 2023, the Senate Judiciary Committee held its fifth hearing this year on artificial intelligence (AI). This is the second hearing held by the Subcommittee on Privacy, Technology, and the Law, and it highlighted the “bipartisan unanimity” in regulating AI technology. Overview Chairman Richard Blumenthal (D-CT) opened the hearing by recognizing “the future is not science fiction or fantasy. It’s not even the future. It’s here and now.” Last week, the Biden administration secured voluntary commitments focused on managing the risks posed by artificial intelligence. Blumenthal ..read more
Visit website
The First Text Cuts the Deepest: Eleventh Circuit Aligns with Other Circuits on TCPA Standing
Data Law Insights
by Marlee Santos and Jeffrey L. Poston
8M ago
On July 24, 2023, an en banc Eleventh Circuit joined the majority of circuits to find that just one text is sufficient to establish standing to bring a Telephone Consumer Protection Act (“TCPA”) claim. The decision, Drazen v. Pinto, — F.4th —, 2023 WL 4699939 (11th Cir. July 24, 2023), not only undoes the panel’s original holding, but also reverses course from the Eleventh Circuit’s prior decision in Salcedo v. Hanna, 936 F.3d 1162 (11th Cir. 2019), which held that a Plaintiff who received a single text message did not have TCPA standing.   The original Drazen panel ap ..read more
Visit website
Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies
Data Law Insights
by Jennie Wang VonCannon, William J. Bruno, Evan D. Wolff, Matthew B. Welling, Daniel Zelenko, Anand Sithian, Alexander Urbelis and Christiana State
8M ago
On July 26, 2023, the SEC finalized long-awaited disclosure rules (the “Final Rules”) regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.  While the end results are substantially similar to rules proposed by the SEC in March 2022, there are some key distinctions.  The top five takeaways are: Disclosure of Cybersecurity Incidents within 4 Days of Materiality Determination. Public companies must now disclose in their Form 8-K Item 1.05 fili ..read more
Visit website
Senate Judiciary Subcommittee on Intellectual Property Hearing on Artificial Intelligence and Intellectual Property – Part II: Copyright
Data Law Insights
by Aaron Cummings, William Frankel, John Freeman and Neda Shaheen
8M ago
In an unconventional opening to the normally staid proceedings of the United States Senate, the voice of Frank Sinatra introduced the July 12, 2023 Senate Judiciary Subcommittee hearing on artificial intelligence (AI) and intellectual property. More accurately, an AI-generated version of Frank Sinatra’s voice sang about regulating AI to the tune of New York, New York, which Senator Chris Coons (D-DE), Chairman of the Senate Judiciary Subcommittee on Intellectual Property, used to illustrate both the possibilities and the risks of the use of AI in creative industries. Chairman Coons presided ov ..read more
Visit website

Follow Data Law Insights on FeedSpot

Continue with Google
Continue with Apple
OR