On March 22, 2024, the Cyberspace Administration of China issued the Provisions on Facilitation and Regulation of Cross-Border Data Flows, which were effective the same day. The CAC also held a press conference to introduce and explain the Provisions. This blog entry provides a summary of the Provisions.
Continue Reading New Era of Regulation for Cross-Border Transfers in China

Earlier this month, the Virginia legislature passed S.B. 361, which amends the Virginia Consumer Data Protection Act to introduce new protections for children’s privacy. If signed by the Virginia Governor, the new children’s privacy protections will go into effect on January 1, 2025.
Continue Reading Virginia Legislature Passes Children’s Privacy Bill

On March 20, 2024, the U.S. House of Representatives passed legislation that will prohibit data brokers from transferring U.S. residents’ sensitive personal data to foreign adversaries, including China and Russia. The Protecting Americans’ Data from Foreign Adversaries Act of 2024 marks a significant development in executive and legislative action related to foreign access to U.S. data.
Continue Reading House Passes the Protecting Americans’ Data from Foreign Adversaries Act

On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be considered as processing of personal data under the GDPR and to clarify the relationship between personal data protection and public access to documents.
Continue Reading CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR

As reported by Bloomberg Law, on February 27, 2024, at RemedyFest, a conference hosted by Bloomberg Beta and Y Combinator, Federal Trade Commission Chair Lina Khan said that sensitive personal data that is linked to health, geolocation and web browsing history should be excluded from training artificial intelligence models.
Continue Reading FTC Chair Asserts Certain Sensitive Data Should Be Excluded from Training AI Models

On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework