On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).

Continue Reading Government Security Assessment on Cross-Border Transfer in China

On June 23, 2022, Italy’s data protection authority determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation, as the tool transfers personal data to the United States, which does not offer an adequate level of data protection.
Continue Reading Italian Garante Bans Google Analytics

On February 6, 2017, the FTC announced that it has agreed to settle charges that VIZIO, Inc., installed software on about 11 million consumer televisions to collect viewing data without consumers’ knowledge or consent. The stipulated federal court order requires VIZIO to pay 2.2 million dollars to the FTC and New Jersey Division of Consumer Affairs.
Continue Reading FTC Announces Settlement Regarding Collecting Consumer TV Viewing Data

On October 19, 2016, the Court of Justice of the European Union issued its judgment in Patrick Breyer v. Bundesrepublik Deutschland, following the Opinion of Advocate General earlier this year. The CJEU followed the Opinion of the Advocate General and declared that the dynamic IP address of a website user is considered personal data.
Continue Reading CJEU Rules That Dynamic IP Addresses Are Personal Data

On October 3, 2016, the Texas Attorney General announced a $30,000 settlement with mobile app developer Juxta Labs stemming from allegations that the company engaged in deceptive practices regarding its collection of personal information from children.
Continue Reading Texas AG Settles Suit with Messaging App Over Children’s Data Practices

On August 1, 2013, a federal district court in Minnesota denied a criminal defendant’s motion to suppress evidence, holding that the defendant had no reasonable expectation of privacy in computer files he had shared on a peer-to-peer network.
Continue Reading Federal Court Finds No Reasonable Expectation of Privacy in Computer Files Shared on a Public Network