On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
Enforcement
California AG Announces CCPA Enforcement Sweep Aimed at Mobile Apps and Authorized Agent Requests
Posted on
On January 27, 2023, California Attorney General Rob Bonta announced a new enforcement sweep aimed at businesses with mobile apps and other businesses that fail to comply with the California Consumer Privacy Act.
Continue Reading California AG Announces CCPA Enforcement Sweep Aimed at Mobile Apps and Authorized Agent Requests
CIPL Publishes Discussion Paper on Digital Assets and Privacy
Posted on
On January 20, 2023, The Centre for Information Policy Leadership at Hunton Andrews Kurth published “Digital Assets and Privacy,” a discussion paper compiling insights from workshops with CIPL member companies that explored the intersection of privacy and digital assets, with a particular focus on blockchain technology. …
Continue Reading CIPL Publishes Discussion Paper on Digital Assets and Privacy
Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
Posted on
On January 4, 2023, the Irish Data Protection Commission announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. on the Instagram and Facebook platforms. …
Continue Reading Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
New Cybersecurity Directives (NIS2 and CER) Enter into Force
Posted on
On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union and the Directive on the resilience of critical entities entered into force.
Continue Reading New Cybersecurity Directives (NIS2 and CER) Enter into Force
Whole Foods Settles BIPA Voiceprint Class Action
Posted on
On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act. …
Continue Reading Whole Foods Settles BIPA Voiceprint Class Action
Colorado AG Publishes Second Draft of Colorado Privacy Act Rules
Posted on
Posted in Enforcement, U.S. State Law
On December 21, 2022, the Colorado Attorney General published an updated version of the draft rules to the Colorado Privacy Act.
Continue Reading Colorado AG Publishes Second Draft of Colorado Privacy Act Rules
Five Guys Hit with BIPA Class Action
Posted on
On December 20, 2022, a former employee in Illinois, brought a class action suit against Five Guys Enterprises, LLC, alleging that Five Guys violated the Illinois Biometric Information Privacy Act. …
Continue Reading Five Guys Hit with BIPA Class Action
Irish Data Protection Commission Fines Meta €265 Million for Privacy Violations
Posted on
On November 25, 2022, Ireland’s Data Protection Commission released a decision fining Meta Platforms, Inc. €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide.
Continue Reading Irish Data Protection Commission Fines Meta €265 Million for Privacy Violations
CPPA Announces Meeting to Discuss CPRA Rulemaking and Other Updates
Posted on
On December 6, 2022, the California Privacy Protection Agency announced that it will hold a virtual public meeting to discuss the status of the California Privacy Rights Act of 2020 rulemaking process and other topics.
Continue Reading CPPA Announces Meeting to Discuss CPRA Rulemaking and Other Updates