On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy lawâand the second state to do so in January. Following enrolmentâa formality to excise clerical errorsâthe bill will move to Governor Chris Sununuâs desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…
28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…
Sending a clear message, the Federal Trade Commission (FTC) announced the settlement of two separate enforcement actions against data brokers for selling precise location data that may be used to reveal sensitive information. On January 9, the FTC settled with Outlogic, LLC (formerly X-Mode Social) over allegations that it failed to obtain meaningful consent from consumers before collecting and selling data that could be used to track visits to sensitive locations like clinics and places of…
Organizations subject to the Washington State My Health My Data Act (generally any organization with physical premises in Washington, and many organizations without it) are preparing for compliance by March 31, 2024. And should, in addition to the overall compliance requirements and immediate action items, be aware that the Washington Attorney General updated its guidance on the requirements for a consumer health privacy policy. Section 4(1)(b) of the My Health My Data Act explicitly provides…
New Jersey is the 13th US State to Pass Comprehensive Consumer Privacy Legislation Consistent with our prediction that 2024 will bring a significant crop of new state consumer privacy laws, the New Jersey legislature recently became the 13th state to pass a comprehensive privacy statute. On January 8âthe final day of its 2022-2023 legislative sessionâthe Senate passed bill S332. Once enactedâeither with Governor Phil Murphy signing the bill or after 45 days if he takes…
If your organization does business across the U.S. and collects consumer health data (broadly defined, health inferences generated from non-health data count), compliance with U.S. state consumer health privacy laws is just around the corner. Consumer health privacy laws in Nevada (Senate Bill 370) and Washington (the My Health My Data Act) become fully operative for regulated entities on March 31, 2024. Requirements specific to consumer health data are already operative in Connecticut. Here are…
In brief On October 8, 2023, California Governor Gavin Newsom signed two bills into law amending the California Consumer Privacy Act (CCPA). AB 947 classifies citizenship and immigration status as “sensitive personal information” subject to special protections under the CCPA, while AB 1194 strengthens reproductive privacy rights. Both bills carried the unanimous endorsement of the California Privacy Protection Agency. Details for each bill are described below followed by actionable guidance businesses can take to prepare…
If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…
According to Article 40.1 of the GDPR, the national supervisory authorities in the European Economic Area shall âencourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, establishes the requirements that…
In Brief On September 11, 2023, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act (HB 154) into law, making Delaware the twelfth US state to pass a consumer privacy law (and the seventh in 2023 alone). Like Connecticut, Colorado and Indiana, Delawareâs new law occupies a middle ground between detailed privacy regimes like the California Consumer Privacy Act (CCPA, as modified by the California Privacy Rights Act) and more business-friendly mandates like…