On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events.
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

On June 23, 2022, Italy’s data protection authority determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation, as the tool transfers personal data to the United States, which does not offer an adequate level of data protection.
Continue Reading Italian Garante Bans Google Analytics

On June 21, 2022, the Colorado Attorney General’s Office announced it is seeking informal input from the public on its rulemaking related to the Colorado Privacy Act (“CPA”). Before starting its formal rulemaking process, the Office has indicated it wants to better “understand the community’s thoughts and concerns about data privacy.”

Continue Reading Colorado AG Seeks Public Input on CPA Rulemaking

On June 10, 2022, CIPL published a white paper entitled “Local Law Assessments and Online Services – Refining the Approach to Beneficial and Privacy-Protective Cross-Border Data Flows A: Case Study from British Columbia.”
Continue Reading CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies

On June 3, 2022, House Energy and Commerce Chair Rep. Frank Pallone, Ranking Member Rep. Cathy McMorris Rodgers and Senate Commerce, Science and Transportation Committee Ranking Member Sen. Roger Wicker released a new comprehensive federal privacy bill, the American Data Privacy and Protection Act.
Continue Reading House and Senate Release a Bipartisan U.S. Federal Privacy Bill