It is fairly standard language in privacy policies: “This privacy policy may be amended or updated from time to time, so please check back regularly for updates.” It sends the message that the company can change its data practices and policies without ever notifying the end-user. It tells the end-user that the burden is on
Jenny L. Colgate
White House AI Order Balances Innovation And Regulation
On Oct. 30, President Joe Biden issued an executive order on safe, secure and trustworthy artificial intelligence.[1]
The executive order provides a sprawling list of directives aimed at establishing standards for AI safety and security and protecting privacy.
While the executive order acknowledges the executive branch’s lack of authority for any lawmaking or rulemaking…
If you Think “My Health, My Data” Does Not Apply to Your Company, You May Want to Think Again
Many companies may be quick to dismiss Washington’s “My Health, My Data” (MHMD) as a health data law that does not apply to them. But there are many reasons you should think twice before disregarding this law.
First, unlike the state privacy laws that have been passed so far, MHMD applies to all companies…
What is “Data Minimization”? Could This Be a Future Hot Issue for U.S. Privacy Litigation?
On March 16, 2023, the French Data Protection Agency (the “CNIL”) imposed a fine of € 25,000 on the company CITYSCOOT in connection with a finding that CITYSCOOT failed to comply with the obligation to ensure data minimization, as required by Article 5.1.c of the GDPR. The facts that led to the judgment included a…
The Supreme Court Declines to Further Clarify Standing for Privacy Claims in Wakefield v. ViSalus
A number of federal privacy laws provide private rights of action, allowing individuals (or class actions) to bring claims alleging violations of certain privacy laws. Some examples of these statutes include the Video Privacy and Protection Act (VPPA), the Telephone Consumer Protection Act (TCPA), and the Fair Credit Reporting Act (FCRA). What is more is…
First BIPA Trial Ever Results in $228M Judgment Against Company that Hired Out Fingerprint Processing Activities
Yesterday, October 12, 2022, was the first time that a case under the Illinois Biometric Information Privacy Act (BIPA) went to trial – and the result was a big win for the Plaintiffs, more than 44,000 truck drivers whose fingerprints were scanned for identity verification purposes without any informed permission or notice. BIPA is an…
Biden Signs Executive Order Implementing Privacy-Shield Replacement for EU-US Data Transfers
Today, October 7, 2022, President Joe Biden signed an executive order implementing a new privacy framework for data being shared between Europe and the United States. The new framework is called the “Trans-Atlantic Data Privacy Framework,” and it will (hopefully) serve to replace the prior framework, known as “Privacy Shield”, which was struck down by…
CCPA Enforcement – California AG Bonta Announces Settlement with Sephora
California Attorney General Rob Bonta announced yesterday a settlement reached with beauty product retailer, Sephora, Inc. (Sephora), resolving allegations that Sephora violated various provisions of the California Consumer Privacy Act (CCPA). Specifically, it was alleged that Sephora failed to:
- Disclose to consumers that it was selling their personal information
- Process user requests to opt out
…
Meta’s Annual Report Says It May Have To Shut Down Facebook and Instagram in Europe Because of GDPR – A Fact, Not a Threat
In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated. Further, and broader than the invalidation of Privacy Shield adequacy decision, the Schrems II judgement found that US surveillance measures interfered with what are considered “fundamental rights” under EU law, i.e., the rights…
Heads-Up to Any Companies with Loyalty Programs –They Count as “Financial Incentives” for Purposes of the CCPA
On Friday, January 28, 2022, the California Office of Attorney General issued a press release announcing that California DOJ sent notices alleging non-compliance with the California Consumer Privacy Act (CCPA) to a number of businesses operating loyalty programs in California. The press release stated, inter alia:
“Under the CCPA, businesses that offer financial incentives,…