Author

Rachel Ehlers

Browsing

On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy law—and the second state to do so in January. Following enrolment—a formality to excise clerical errors—the bill will move to Governor Chris Sununu’s desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…

28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…

Sending a clear message, the Federal Trade Commission (FTC) announced the settlement of two separate enforcement actions against data brokers for selling precise location data that may be used to reveal sensitive information. On January 9, the FTC settled with Outlogic, LLC (formerly X-Mode Social) over allegations that it failed to obtain meaningful consent from consumers before collecting and selling data that could be used to track visits to sensitive locations like clinics and places of…

On January 7, 2024, China’s Cyberspace Administration (“CAC”) closed the public consultation period for its new cybersecurity incident reporting rules, which were released in December. If the draft rules are adopted as written, companies would be required to report certain cybersecurity incidents to the relevant Chinese regulator within one hour. The relevant regulator depends on the nature of the IT system compromised, the industry, and other factors and may be the local CAC, the public…

On December 21, 2023 the Federal Communications Commission (FCC) issued updates to its Data Breach Notification Rule, which applies to telecommunications carriers, as well as to voice over internet protocol (VoIP) and telecommunications relay service (TRS) providers. The updated Data Breach Notification Rule marks the most significant changes to the Rule since its adoption 16 years ago and modernizes the FCC requirements by bringing them more closely in line with other breach reporting obligations. The…

This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…

In Brief On September 29, 2023, China’s primary data protection regulator, the Cyberspace Administration of China (“CAC”), proposed new rules for cross-border data transfers from China (the “Draft Rules”). If implemented as written, the Draft Rules, which are currently subject to public comment through mid-October, will significantly roll back requirements for many US and multinational organizations. There is no specific deadline for adoption, but it is expected prior to November 30, 2023, which is the…

In recent years, China has adopted a series of complex regulations around cybersecurity and privacy. In 2022, it issued rules for cross-border transfers of data, and its version of Standard Contractual Clauses (“China SCCs”) in February 2023. The China SCCs became effective in June, but there was a six month grace period for filing, until November 30, 2023. Any company that has a presence in China or processes or transfers Chinese resident data outside of…

On August 9, India’s Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) passed both houses of the Indian Parliament and now awaits Presidential assent. In 2017, India’s Supreme Court mandated that privacy is a fundamental human right. Since that time, India has been working to pass data protection legislation. The DPDP Bill is India’s fifth draft of the bill. The DPDP Bill only applies to the processing of digital personal data in India, where the personal…

There has been an incredible volume of discussion around generative AI (GAI) in 2023, including products like ChatGPT and GitHub Copilot, and the potential impact these tools have on every corner of the business world. This is not surprising given that GAI has demonstrated powerful functionality, making it easy to hypothesize about use cases. Unfortunately, on top of the fervor, the use of GAI presents a multitude of risks. Some companies have banned GAI use…