Photo of Jennifer B. Maisel

Alabama, North Dakota, and South Carolina are the first states to announce that they will use Apple-Google’s exposure notification technology for their state COVID-19 tracking apps.  Several countries in Europe have already agreed to use the technology.

The Apple-Google technology uses Bluetooth to aid in COVID-19 exposure notification.  A user’s device with the technology enabled

Just last year the public was scrutinizing Big Tech for its collection and use of extraordinary amounts of data about people’s activities, from real-world location tracking to virtual lingering and clicks.  This scrutiny led to the landmark California Consumer Privacy Act, among other general privacy and data protection laws around the world. Will Big Tech

The Federal Trade Commission (“FTC”) released its 2019 Privacy and Data Security Update, highlighting its enforcement actions in 2019 directed to the protection of consumer privacy and data security.

In the roundup of 2019 Privacy Cases, the Update highlights the FTC’s and the Department of Justice’s record $5 billion penalty imposed on Facebook—the largest

The European Commission recently presented strategies for data and Artificial Intelligence (AI) focusing on promoting excellence in AI and building trust.  The Commission’s White Paper, “On Artificial Intelligence – A European approach to excellence and trust,” addresses the balance between the promotion of AI with regulation of its risks.  “Given the major impact

The California Attorney General recently released modified CCPA guidance.  While the modified guidance offers additional examples for CCPA compliance and clarifies certain obligations, several open issues and ambiguities still remain. Below are highlights of the changes, and note that written comments are due by February 25, 2020.

Definitions: The modified guidance specify the

“Reasonable” appears several times in the California Consumer Privacy Act (CCPA), and most notably in the section on the private right of action for a data breach resulting from “a business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal

The National Institute of Standards and Technology (NIST) released version 1.0 of its Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, which follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework).  The Privacy Framework acknowledges that failure to manage privacy risks can have direct adverse

One notable difference between the California Consumer Privacy Act (CCPA) and Europe’s General Data Privacy Regulation (GDPR) is that only the latter provides the right for individuals to not be subjected to automated decision-making, including profiling, which has legal or other significant effects on that individual.

But, the CCPA still creates issues for covered entities