On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).
Continue Reading EDPB Adopts Opinion on the Notion of Main EstablishmentThe European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
On February 9, 2024, Hunton Andrews Kurth attorneys, David Dumont and Laura Léonard, and Centre for Information Policy Leadership Director of Privacy and Data Policy, Natascha Gerlach, published an op-ed discussing the implications of the European Commission’s proposal for a Regulation laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 (the “Draft GDPR Procedural Regulation”) and the draft report on the Draft GDPR Procedural Regulation by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Draft LIBE Report”).
Continue Reading The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?Court Restores CPPA’s Authority to Enforce CPRA Regulations
On February 9, 2024, a California state court of appeal ruled in favor of the California Privacy Protection Agency (“CPPA”) and vacated the lower court order postponing enforcement of the CPPA’s final regulations under the California Consumer Privacy Act.
Continue Reading Court Restores CPPA’s Authority to Enforce CPRA RegulationsFCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls
On February 8, 2024, the Federal Communications Commission declared that calls using AI- generated, cloned voices fall under the category of “artificial or prerecorded voice” within the Telephone Consumer Protection Act (“TCPA”) and therefore are generally prohibited without prior express consent, effective immediately. Callers must obtain prior express consent from the recipient before making a call using an artificial or prerecorded voice, absent an applicable statutory exemption or emergency.
Continue Reading FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice CallsCNIL Publishes 2024 Investigation Focus Plan
On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024.
Continue Reading CNIL Publishes 2024 Investigation Focus PlanWhat’s Next in Children’s Privacy: An Update on the FTC’s Proposed Changes to the COPPA Rule
Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule (i.e., the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations. Register for the program now.
New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory
In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”).
Continue Reading New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device TheoryUK Government Publishes Response to Consultation on AI Regulation White Paper
On February 6, 2024, the UK government published a response to the consultation on its AI Regulation White Paper, which the UK government originally published in March 2023. The White Paper set forth the UK government’s “flexible” approach to regulating AI through five cross-sectoral principles for the UK’s existing regulators to interpret and apply within their remits (read further details on the White Paper). A 12-week consultation on the White Paper was then held and this response summarizes the feedback and proposed next steps.
Continue Reading UK Government Publishes Response to Consultation on AI Regulation White PaperFTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures
On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. (“Blackbaud”) in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers. As part of the settlement, Blackbaud will be required to comply with a variety of obligations, including deleting personal data that the company does not have a need to retain.
Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security FailuresUK ICO Warns Organizations to Make Advertising Cookies Compliant Following Call to Action
In November 2023, the UK Information Commissioner’s Office (“ICO”) wrote to organizations operating 53 of the UK’s biggest websites regarding their compliance with data protection laws when using cookies. On January 31, 2024, the ICO released a statement on such action noting that it received “an overwhelmingly positive response” with 38 of those organizations having changed their cookie banners in order to come into compliance. Others have either committed to ensuring compliance within a month, or are exploring other solutions such as contextual advertising.
Continue Reading UK ICO Warns Organizations to Make Advertising Cookies Compliant Following Call to Action