Author

Jonathan Tam

Browsing

In late April 2024, the U.S. enacted the 21st Century Peace through Strength Act. In addition to approving aid for Israel, Taiwan and Ukraine and advancing other U.S. policy objectives, the 21st Century Peace through Strength Act establishes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the “Act”), which prohibits “data brokers” from making available personally identifiable sensitive data of U.S. individuals to “foreign adversary countries” — namely, North Korea, the People’s Republic…

On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…

On February 28, President Biden issued Executive Order 14117 (the EO) directing the US Attorney General and other agencies to promulgate regulations that restrict and, in some cases, prohibit transactions that might involve the sharing of sensitive personal data and government-related data with “countries of concern” (currently China, including Hong Kong and Macau, Russia, Iran, North Korea, Cuba, and Venezuela). In tandem, the Department of Justice (DoJ) issued an Advance Notice of Proposed Rulemaking (ANPRM)…

On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy law—and the second state to do so in January. Following enrolment—a formality to excise clerical errors—the bill will move to Governor Chris Sununu’s desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…

28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…

Sending a clear message, the Federal Trade Commission (FTC) announced the settlement of two separate enforcement actions against data brokers for selling precise location data that may be used to reveal sensitive information. On January 9, the FTC settled with Outlogic, LLC (formerly X-Mode Social) over allegations that it failed to obtain meaningful consent from consumers before collecting and selling data that could be used to track visits to sensitive locations like clinics and places of…

New Jersey is the 13th US State to Pass Comprehensive Consumer Privacy Legislation Consistent with our prediction that 2024 will bring a significant crop of new state consumer privacy laws, the New Jersey legislature recently became the 13th state to pass a comprehensive privacy statute. On January 8—the final day of its 2022-2023 legislative session—the Senate passed bill S332. Once enacted—either with Governor Phil Murphy signing the bill or after 45 days if he takes…

Chapter 22.8 of the California Business and Professions Code imposes requirements on social media companies with annual gross revenues of $100 million or more to submit “terms of service reports” to the California Attorney General, with the first report due by January 1, 2024. The statute is currently the subject of a constitutional challenge, but covered companies should not delay preparing reports in case the lawsuit drags on or is unsuccessful. The law applies to…

On October 30, 2023, President Biden issued a 63-page Executive Order to define the trajectory of artificial intelligence adoption, governance and usage within the United States government. The Executive Order outlines eight guiding principles and priorities for US federal agencies to adhere to as they adopt, govern and use AI. While safety and security are predictably high on the list, so too is a desire to make America a leader in the AI industry including…

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…