Category

Data Privacy

Category

“Neural data” is the newest addition to the ever expanding California Consumer Privacy Act (CCPA). Signed into law on September 28, 2024, SB 1223 amends the CCPA to add “personal information that reveals neural data” to the categories of personal information that constitute sensitive personal information. It further amends the CCPA to define “neural data” as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is…

The California Privacy Protection Agency has issued an Enforcement Advisory on the topic of dark patterns. The California Consumer Privacy Act uses the term “dark patterns” to refer generally to user interfaces that subvert or impair consumers’ autonomy, decisionmaking, or choice when asserting their privacy rights or consenting to personal information processing activities. For example, when businesses provide choices to consumers, such as via cookie banners or in privacy preference centers, choices must be clear…

In recent years, both U.S. state and federal legislatures have intensified efforts to enact laws aimed at safeguarding minors in the digital world. However, several court rulings have found that these legislative actions overstepped constitutional limits. This article highlights key legislative initiatives at the U.S. federal level and in California and Texas to protect children and teenagers online, and lawsuits challenging the legality of the California and Texas measures, as of early September 2024. Federal…

Following the passing of the Personal Data Protection (Amendment) Bill 2024 (“Bill”) by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations: The deadline to provide feedback is 6 September 2024 (Friday). Contents: In more detail We have earlier highlighted in our client alert some of the key changes brought by the Bill to the Personal Data Protection Act 2010 (PDPA) and that certain…

Abstract The recently introduced American Privacy Rights Act (APRA) represents the latest attempt to pass a comprehensive federal privacy law in the US that would govern privacy generally across the country. The draft bill proposes novel compromises on controversial topics such as federal preemption and rights of private action, which need refinement and will likely be changed in the legislative process. The attempt to cover not-for-profit entities without accounting for their different purposes seems ill…

This article was originally published by IAPP: How US national security interests may lead to a multilateral treaty on data privacy | IAPP. In Lewis Carroll’s classic Alice in Wonderland sequel “Through the Looking-Glass,” Alice enters a fantastical world by climbing through a mirror. Alice discovers that, like a mirror, everything is reversed in this other world. For observers of global data privacy issues over the past few decades, “Through the Looking Glass” is an…

In Brief The long-awaited EU AI Act was published in the Official Journal of the European Union today, 12 July 2024. The Act regulates activities across the AI lifecycle, as covered in more detail in our previous post, and the countdown for implementation has now started for companies developing or deploying AI technologies, with the Act entering into force 20 days after its publication on 1 August 2024. The Act as a whole is generally…

Baker McKenzie’s North America Privacy Team is excited to present Privacy Bingo: US State Law Edition – offering an interactive way to help you navigate the complexity of the data privacy landscape across the US. With numerous states to date that have now passed comprehensive privacy laws, we developed a set of bingo cards – one per state – that allows you to compare certain features of each state law in a compact format. Each…

In June 2024, New York enacted two laws that will impose extensive new requirements on companies operating in the state to enhance online protections for children. The first is the New York Child Data Protection Act (“NYCDPA”), which imposes data minimization, consent and data processor agreement obligations on online services operators that actually know they collect minors’ personal information or target their services at minors. The second is the Stop Addictive Feeds Exploitation (SAFE) for…

Copyright 2024 International Association of Privacy Professionals. Data minimization: An increasingly global concept. Data minimization requirements are not new but they are becoming more common, and enforcement is on the rise. “Legal basis” requirements for data processing, justifying data processing activities and transfers, and adhering to data minimization principles began hitting organizations’ radars with the EU General Data Protection Regulation. In response to the GDPR, many multinationals are differentiating regionally, or by jurisdiction, how they…