Listen to this post

On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).

Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
Listen to this post

On February 9, 2024, Hunton Andrews Kurth attorneys, David Dumont and Laura Léonard, and Centre for Information Policy Leadership Director of Privacy and Data Policy, Natascha Gerlach, published an op-ed discussing the implications of the European Commission’s proposal for a Regulation laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 (the “Draft GDPR Procedural Regulation”) and the draft report on the Draft GDPR Procedural Regulation by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Draft LIBE Report”).

Continue Reading The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
Listen to this post

On February 9, 2024, a California state court of appeal ruled in favor of the California Privacy Protection Agency (“CPPA”) and vacated the lower court order postponing enforcement of the CPPA’s final regulations under the California Consumer Privacy Act.

Continue Reading Court Restores CPPA’s Authority to Enforce CPRA Regulations
Listen to this post

On February 8, 2024, the Federal Communications Commission declared that calls using AI- generated, cloned voices fall under the category of “artificial or prerecorded voice” within the Telephone Consumer Protection Act (“TCPA”) and therefore are generally prohibited without prior express consent, effective immediately. Callers must obtain prior express consent from the recipient before making a call using an artificial or prerecorded voice, absent an applicable statutory exemption or emergency.

Continue Reading FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls
Listen to this post

Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule (i.e., the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations. Register for the program now.

Listen to this post

In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”).

Continue Reading New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory
Listen to this post

On February 6, 2024, the UK government published a response to the consultation on its AI Regulation White Paper, which the UK government originally published in March 2023. The White Paper set forth the UK government’s “flexible” approach to regulating AI through five cross-sectoral principles for the UK’s existing regulators to interpret and apply within their remits (read further details on the White Paper). A 12-week consultation on the White Paper was then held and this response summarizes the feedback and proposed next steps.

Continue Reading UK Government Publishes Response to Consultation on AI Regulation White Paper
Listen to this post

On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. (“Blackbaud”) in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers. As part of the settlement, Blackbaud will be required to comply with a variety of obligations, including deleting personal data that the company does not have a need to retain.

Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures
Listen to this post

In November 2023, the UK Information Commissioner’s Office (“ICO”) wrote to organizations operating 53 of the UK’s biggest websites regarding their compliance with data protection laws when using cookies.  On January 31, 2024, the ICO released a statement on such action noting that it received “an overwhelmingly positive response” with 38 of those organizations having changed their cookie banners in order to come into compliance. Others have either committed to ensuring compliance within a month, or are exploring other solutions such as contextual advertising.

Continue Reading UK ICO Warns Organizations to Make Advertising Cookies Compliant Following Call to Action