On June 17, 2021, Senator Kirsten Gillibrand (D-NY) announced the reintroduction of the Data Protection Act of 2021, which would create an independent federal agency, the Data Protection Agency, to “regulate high-risk data practices and the collection, processing, and sharing of personal data.”
Continue Reading Senator Gillibrand Announces Renewed Data Protection Act 2021

This week, the Federal Trade Commission voted 3 to 1 to accept a settlement agreement with MoviePass, Inc., its parent company, and two of the now-defunct company’s former employees, after allegations of data security issues and deceptive trade practices.
Continue Reading Now Playing at the FTC: MoviePass Data Security Case and ROSCA Settlement

On June 3, 2021, the U.S. Supreme Court in Van Buren v. United States reversed the U.S. Court of Appeals for the Eleventh Circuit’s decision to uphold the conviction of Nathan Van Buren, who was alleged to have violated the Computer Fraud and Abuse Act of 1986.
Continue Reading United States Supreme Court Adopts Narrow Interpretation of Scope of Liability Under the Computer Fraud and Abuse Act

On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan.
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule

On May 11, 2021, Senators Edward Markey (D-MA) and Bill Cassidy (R-LA) introduced the Children and Teens’ Online Privacy Protection Act. The Bill, which would amend the existing Children’s Online Privacy Protection Act, would prohibit companies from collecting personal information from children ages 13 to 15 without their consent.
Continue Reading Senate Bill Would Expand Federal Children’s Privacy Protections

On April 27, 2021, the Portuguese Data Protection Authority ordered the National Institute of Statistics to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.
Continue Reading Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs

Building upon its April 2020 business guidance on Artificial Intelligence and Algorithms, the FTC has published new guidance focused on how businesses can promote truth, fairness and equity in their use of AI. In the guidance, the FTC recognizes the potential benefits of AI, but stresses the need to harness these benefits without inadvertently introducing bias or other unfair outcomes.
Continue Reading FTC Reiterates AI Best Practices