On March 25, a huge sigh of relief was heard from businesses and organizations located throughout the United States and Europe after the U.S. and European Commission announced their agreement in principle on a new Trans-Atlantic Data Privacy Framework (Framework) to effectuate the cross-border transfer of personal data from the European Union (EU) to the
On March 24, Governor Spencer J. Cox signed the Utah Consumer Privacy Act (UCPA), making Utah the fourth state in the country to adopt a comprehensive privacy law. The UCPA is set to take effect on December 31, 2023, and this law’s substantive requirements closely mirror the Virginia Consumer Data Protection Act (VCDPA). The UCPA
Introduction
As of March 22, 11 states have wrapped up their 2022 legislative sessions. In these early sessions, privacy legislation was considered in seven of the 11 states that have completed their 2022 sessions, namely Florida, Washington, Indiana, Virginia (amendments to enacted regime), West Virginia, Wisconsin, and Utah. Privacy bills passed out of at least
California Privacy Protection Agency Director Ashkan Soltani recently announced that long-awaited regulations related to the California Privacy Rights Act (CPRA) would be delayed. The agency initially scheduled a July 1 deadline to promulgate regulations and allow companies time to comply with the CPRA, which is set to be enforced beginning July 1, 2023. However, Director
On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to
On February 23, the Wisconsin House passed Assembly Bill 957 (AB 957), a bill relating to consumer data protection. This legislation is based on the Virginia Consumer Data Protection Act (VCDPA) and provides consumers with various rights about their data and imposes obligations on businesses. Wisconsin is the second state in 2022 to pass a
On February 14, Northern District of Illinois Judge Sharon Johnson Coleman rejected Clearview AI’s arguments that Illinois’ Biometric Information Privacy Act (BIPA) violated the First Amendment.
In 2020, Clearview AI was accused of violating BIPA in multiple cases filed in the Northern District of Illinois and the Southern District of New York. The plaintiffs alleged
On January 28, following the European Commission’s June 4, 2021 issuance of modified standard contractual clauses (SCCs), the United Kingdom’s (U.K.) secretary of state for digital, culture, media, and sport, presented the U.K. Parliament with two new mechanisms to effectuate cross-border transfers of data: (1) the International Data Transfer Agreement (the IDTA) and (2)
On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional Business Systems. Judge Michael J. Roemer recommended dismissal because plaintiffs’ allegations failed to constitute an injury under the Supreme Court’s ruling in TransUnion v. Ramirez
On January 13, Him Das, the acting head of the Financial Crimes Enforcement Network (FinCEN), highlighted ransomware as a chief national security risk. At the Financial Crimes Enforcement Conference, Das suggested that the current anti-money laundering regulations are insufficient to protect against tech-driven threats, from cyberattacks to digital asset schemes. FinCEN therefore is currently