On March 6, 2024, Governor Chris Sununu signed into law SB 255, making New Hampshire the 15th state with a comprehensive state privacy law. This blog entry provides a summary of the new law.
Continue Reading New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law
Data Controller
CJEU Rules on IAB Europe’s Transparency and Consent Framework
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework
EDPB Adopts Opinion on the Notion of Main Establishment
On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
French DPA Issues Guidelines on Data Protection and AI
On October 11, 2023, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the research and development of AI systems from a data protection perspective. …
Continue Reading French DPA Issues Guidelines on Data Protection and AI
India Poised to Enact Digital Personal Data Protection Bill
On August 9, 2023, India’s upper house (i.e., Rajya Sabha) passed the Digital Personal Data Protection Bill, two days after India’s lower house (i.e., Lok Sabha) passed the legislation. The DPDPB now heads to India President Droupadi Murmu for signature.
Continue Reading India Poised to Enact Digital Personal Data Protection Bill
European Data Protection Board Issues Information Note on Data Transfers under the Data Privacy Framework
On July 19, 2023, the European Data Protection Board issued an Information Note regarding data transfers to the U.S. following the adoption of an adequacy decision on the EU-U.S. Data Privacy Framework on July 10, 2023.
Continue Reading European Data Protection Board Issues Information Note on Data Transfers under the Data Privacy Framework
Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act (H.B. 154), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. …
Continue Reading Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
Oregon Consumer Privacy Act
On June 22, 2023, the Oregon House of Representatives passed the Oregon Consumer Privacy Act (S.B. 619), which was previously passed by the Oregon Senate on June 20, 2023. The OCPA has been sent to the Oregon governor’s desk for signature. If signed, the OCPA would make Oregon the 12th state to have enacted comprehensive privacy legislation.
Continue Reading Oregon Consumer Privacy Act
New Washington State Geofencing Ban Set to Take Effect in July
On April 27, 2023, Washington adopted the My Health My Data Act. Most of the law’s provisions are not effective until March 31, 2024 (or June 30, 2024 for small businesses). The law’s geofencing prohibition, however, is set to take effect on July 23, 2023.
Continue Reading New Washington State Geofencing Ban Set to Take Effect in July
Texas Senate Passes Texas Data Privacy and Security Act
On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act. …
Continue Reading Texas Senate Passes Texas Data Privacy and Security Act