Data Privacy Archives

In Data Privacy

U.S. Prohibits Data Brokers from Making U.S. Sensitive Data Available to Foreign Adversaries

April 24, 2024 by Brian Hengesbaugh, Jonathan Tam, Rod Hunter and Callie Lefevre 5 Mins Read

In late April 2024, the U.S. enacted the 21st Century Peace through Strength Act. In addition to approving aid for Israel, Taiwan and Ukraine and advancing other U.S. policy objectives, the 21st Century Peace through Strength Act establishes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the “Act”), which prohibits “data brokers” from making available personally identifiable sensitive data of U.S. individuals to “foreign adversary countries” — namely, North Korea, the People’s Republic…

In Data Privacy

Kentucky is Off to the Races: Bluegrass state is 15th to Pass Comprehensive Privacy Law

April 10, 2024 by Justine Phillips, Cynthia Cole, Helena Engfeldt, Brian Hengesbaugh, Rachel Ehlers and Jonathan Tam 8 Mins Read

On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…

In Artificial Intelligence

M&A, Professional Perspective – AI: Real Money, Light Representations & Light Deal Certainties

April 8, 2024 by Adam Aft, Bill Rowe, Michelle Carr, Elizabeth Barber, Teisha Johnson and Sylwia Lis 16 Mins Read

Copyright 2024 Bloomberg Industry Group, Inc. (800-372-1033) AI: Real Money, Light Representations & Light Deal Certainties. Reproduced with permission. Editor’s note: For additional guidance on practice-specific areas of risk associated with the use of generative and other forms of AI, see our AI Legal Issues Toolkit. For additional information on laws, regulations, guidance, and other legal developments related to AI, visit In Focus: Artificial Intelligence (AI); Data Security, Professional Perspective – Regulation of AI Foundation Models. The wave of…

In California Privacy Law

California moves to disable vehicular data access used in domestic abuse

April 5, 2024 by Cynthia Cole and Helena Engfeldt 2 Mins Read

Background On February 28, 2024, California State Senator Dave Min proposed Senate Bill (SB) 1394, a new measure aimed at preventing vehicular data from being used to perpetuate domestic violence. Under the proposal, automobile manufacturers would be required to disable access to remote vehicle technologies upon the request of a victim of domestic violence. The bill arrives amid increasing reports of incidents of domestic abusers exploiting vehicular location tracking features to stalk and harass victims…

In Data Privacy

The new EU regulation on harmonised rules on fair access to and use of data (“Data Act”)

March 21, 2024 by Simone (Bach) Rieken LL.M., John McGovern and Marilyn Acquah 5 Mins Read

Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? It requires organisations to make data collected through connected products or related services (including virtual assistants in so far as they interact with a connected product or related service) available to users and, upon a user’s request, to third parties. By mixing concepts of both data and competition law, the Data Act…

In Data Privacy

France introduces new law to enhance the protection of children’s rights in France

March 19, 2024 by Magalie Dansac Le Clerc and Juliette Leportois 5 Mins Read

For the first time, France has adopted a law protecting children’s privacy through the lens of right to their image: the Law n°2024-120 of February 19, 2024 (“Children’s Image Rights Law”). Unlike standards or bills related to the sharing of children’s personal data which may exist in other countries (e.g., UK Age Appropriate Design Code, California bill on collection of personal information of a consumer less than 18 years of age), which apply to data…

In Data Privacy

US Government to Restrict Sharing of US Bulk Sensitive Personal Data With Certain “Countries of Concern”

March 1, 2024 by Rod Hunter, Brian Hengesbaugh, Jonathan Tam and Callie Lefevre 12 Mins Read

On February 28, President Biden issued Executive Order 14117 (the EO) directing the US Attorney General and other agencies to promulgate regulations that restrict and, in some cases, prohibit transactions that might involve the sharing of sensitive personal data and government-related data with “countries of concern” (currently China, including Hong Kong and Macau, Russia, Iran, North Korea, Cuba, and Venezuela). In tandem, the Department of Justice (DoJ) issued an Advance Notice of Proposed Rulemaking (ANPRM)…

In Data Privacy

New EU regulation on digital evidence opens up risk of data misuse

February 9, 2024 by Dr Lukas Feiler, Mark Nemeth, Vinod Bange, Eva-Maria Strobel, Francesca Gaudino and Elisabeth Dehareng 6 Mins Read

The new EU regulation on electronic evidence will enable law enforcement authorities from one EU member state to order service providers in other EU member states to surrender digital evidence. Providers who fail to comply within ten days or, in urgent cases, within eight hours, could face fines of up to two percent of their global group turnover. We manage our calendars online, store photos in the cloud, many of us haven’t seen the inside…

In Data Privacy

Living Free from the Sale of Personal Data: New Hampshire is the 14th US State to Pass Comprehensive Privacy Law

January 30, 2024 by Cynthia Cole, Rachel Ehlers, Helena Engfeldt, Brian Hengesbaugh, Cristina Messerschmidt, Justine Phillips and Jonathan Tam 7 Mins Read

On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy law—and the second state to do so in January. Following enrolment—a formality to excise clerical errors—the bill will move to Governor Chris Sununu’s desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…

In Cybersecurity

Celebrating Data Privacy Day 2024

January 29, 2024 by Anne-Marie Allgrove, Anne Petterd, Adrian Lawrence, Toby Patten, Caitlin Whale, Liz Grimwood-Taylor, Zhenyu Ruan, Michael Wang, Marcia Lee, Dominic Edmondson, Jennifer Lau, Daniel Pardede, Adhika Wiyoso, Wiku Anindito, Bimo Harimahesa, Kensaku Takase, Daisuke Tatsuno, Andre Gan, Trishelea Sandosam, Bienvenido A. Marquez III, Divina Ilas-Panganiban, Ken Chia, Victoria Wong, H. Henry Chang, Louis Hsieh, Pattaraphan Paiboon, Kritiyanee Buranatrevedhya, Manh Hung Tran, Huyen Minh Nguyen, Huu Tuan Nguyen, Maher Ghalloussi, Dr Lukas Feiler, Beat Koenig, Alexander Hofmann, Elisabeth Dehareng, Caroline Serbanescu, Milena Hoffmanová, Lenka Bešťáková, Dusan Hlavaty, Magalie Dansac Le Clerc, Prof. Dr. Michael Schmidl, Matthias Scholz, Michaela Nebel, Florian Tannen, Simone (Bach) Rieken LL.M., Ines K. Radmilovic, Dr. Csaba Vári, Francesca Gaudino, Annie Elfassi, Kyllian Talbourdet, Remke Scheepstra, Nathalja Doing, Radoslaw Nozykowski, Marcin Fialka, Martyna Czapska, Jakub Falkowski, Janet McKenzie, Fatima Ismail, Patricia Pérez, Pablo Uslé, Peder Oxhammar, Margarita Kozlov, William Höglund, Alessandro Celli, Johanna Moesch (Mösch), Can Sozer, Ecem Elver, Oleksiy Stolyarenko, Dmytro Skydan, Khrystyna Oleniuk, Vinod Bange, Benjamin Slinn, Robbie Downing, Ian Walden, Tamara Mackay-Temesy, Guillermo José Cervio, Roberto Grane, Martin Roth, Valentina Biondi Grane, Catalina Benatena, Flavia Rebello, Ludmila Lago, Theo Ling, Conrad Flaczyk, Nadia Rauf, Diego Ferrada, Carolina Pardo, Carlos Arboleda, Carlos Vela-Trevino, Daniel Villanueva-Plasencia, Paulina Bojalil, Teresa Tovar, Brian Hengesbaugh, Cynthia Cole, Lothar Determann, Justine Phillips, Rachel Ehlers, Helena Engfeldt, Jonathan Tam, Cristina Messerschmidt, Maria Eugenia Salazar-Furiati and Hector Martinez 2 Mins Read

28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…