The next steps in Australia’s long bubbling reform of the privacy regime has been announced, with draft legislation expected to be tabled by August 2024. The reform is being presented as part of the Federal Government’s efforts to improve online safety, particularly for women, but it’s not clear how broad its remit will be at

Continue Reading Australia: Privacy Act Updates Expected in August 2024

On Monday 29 April, new cyber security requirements entered into force in the United Kingdom.  They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.

Background

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the

Continue Reading UK: New cyber security requirements for consumer products

On April 4, 2024, Kentucky Governor Andy Beshear signed House Bill 15, an act related to Kentucky consumer data privacy (“KCDPA”). Kentucky now joins the expanding list of states with comprehensive state privacy legislation, with the KCDPA set to take effect January 1, 2026.

Scope

The KCDPA applies to entities conducting business in Kentucky

Continue Reading US: Kentucky Legislature Passes Comprehensive State Privacy Law

The Federal Trade Commission (“FTC”) is taking bold actions to challenge business’s collection and monetization of consumers’ personal data—particularly sensitive personal data. This month, the FTC reached settlements with a data broker, X-Mode Social and its successor Outlogic LLC (“X-Mode”), and an alcohol addiction treatment firm, Monument Inc. (“Monument”), for, among other things, allegedly selling

Continue Reading US: The FTC Cracks Down on Sensitive Personal Information Disclosures

Disclaimer: The blogpost below is based on a previously published Thomson Reuters Practical Law practice note (EU AI Act: data protection aspects (EU)) and only presents a short overview of and key takeaways from this practice note. This blogpost has been produced with the permission of Thomson Reuters, who has the copyright over the

Continue Reading Europe: The EU AI Act’s relationship with data protection law: key takeaways

The California Privacy Protection Agency (“CPPA”) has been active since the start of the year.  In this blog post we summarize some key activities of the CPPA to date in 2024, including:

  • On April 2, 2024, the CPPA Enforcement Division issued its inaugural advisory, emphasizing the importance of data minimization.  (Read more about
Continue Reading US: CCPA and California Privacy Protection Agency Updates: 2024 to Date

The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of

Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms

Data classification and grading is an obligation that each data handler must comply with under the Chinese data protection laws. Data handlers have been waiting for clear requirements and standards on how to carry out the relevant work. The newly published national standard GB/T 43697-2024 Data Security Technology – Rules for Data Classification and Grading

Continue Reading CHINA: New national data classification and grading standard is released

This month, the Department of Homeland Security (“DHS”) Cybersecurity and Infrastructure Security Agency (“CISA”) released its long-awaited proposed draft regulations pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA” or the “Act”).

The Act was enacted on March 15, 2022, following several significant and disruptive cyberattacks on critical infrastructure in the

Continue Reading US CIRCIA Update: CISA Proposed Regulations Released  

On March 6, 2024, the New Hampshire Governor signed into law Senate Bill 255 (the “NH Act”), making New Hampshire the 15th state to adopt a comprehensive state privacy law. The NH Act will take effect January 1, 2025. This post explores how the NH Act stacks up against the other comprehensive state privacy

Continue Reading US: New Hampshire Enacts 15th Comprehensive State Privacy Law