Category: Regulatory News

China identifies roots of US crackdown on TikTok

The White House Office of Management and Budget issued guidance on Monday giving all federal agencies 30 days to wipe TikTok from employees’ devices. Mandated by Congress, the move follows similar guidance by the Pentagon, Department of Homeland Security, and the State Department, all of which cited alleged data harvesting by the Chinese-developed app. “How unsure of itself can the world’s top superpower be to fear a favorite app of young people like that?” Chinese Foreign Ministry spokeswoman Mao Ning told a press briefing on Tuesday. 

Justice Department Alleges Public Health Endangerment Caused by Denka Performance Elastomer’s Carcinogenic Air Pollution

Today, on behalf of the U.S. Environmental Protection Agency (EPA) and in coordination with the U.S. Attorney’s Office for the Eastern District of Louisiana, the U.S. Department of Justice filed a complaint under Section 303 of the Clean Air Act against Denka Performance Elastomer LLC (Denka) to compel Denka to significantly reduce hazardous chloroprene emissions from its neoprene manufacturing facility in LaPlace, Louisiana.

TikTok banned on all Canadian government mobile devices

Last week, Canada’s federal privacy watchdog and its provincial counterparts in British Columbia, Alberta and Quebec announced an investigation to delve into whether the app complies with Canadian privacy legislation. Canadian Treasury Board President Mona Fortier said the federal government will also block the app from being downloaded on official devices in the future.

Crypto platforms in no rush to shun Russia – Politico

Crypto exchanges Huobi and KuCoin, both based in Seychelles, failed to take steps to prevent sanctioned Russian banks from using their platforms, according to a report from the blockchain analytics firm Inca Digital provided to POLITICO. Both exchanges still allow traders to transact with debit cards issued by sanctioned Russian banks, including Sberbank, on their peer-to-peer platforms, according to the report, which will be published later today.

While neither exchange actually accepts funds from blacklisted banks, letting crypto buyers trade with each other using accounts with sanctioned institutions represents a “direct violation of U.S. and European sanctions with a little bit of a loophole,” Inca CEO Adam Zarazinski said in an interview.

Proposed CPRA regulations finalized; CPPA targets April effective date

Covered entities under the California Consumer Privacy Act are on the cusp of long-awaited legal certainty regarding updated compliance efforts. The California Privacy Protection Agency Board voted 4-0 at its latest meeting to finalize its first set of proposed California Privacy Rights Act regulations. The final rulemaking package, which consists of the proposed regulations and a draft final statement of…

GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies. This is the first enforcement action taken under the…

Canada: Changes to privacy regulations require BC public bodies to report privacy breaches and develop privacy management program

Author: Keri Bennett

As of February 1, 2023, two new sections of the British Columbia Freedom of Information and Protection of Privacy Act (“FIPPA”) and associated regulations are in force. All public bodies governed by FIPPA in the province of British Columbia (generally speaking all government ministries and the broader public sector) are now required to report privacy breaches to individuals and the Office of…

FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising

The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind proposed order, filed by the…

FTC Finalizes Order with Ed Tech Provider Chegg for Lax Security that Exposed Student Data

In a complaint first announced in October 2022, the FTC said that Chegg failed to protect the personal information it collected from users and employees. For example, the company stored users’ personal data on its cloud storage databases in plain text and, until at least 2018, employed outdated and weak encryption to protect user passwords. As a result of its poor data security, Chegg experienced four data breaches that exposed the personal information of about 40 million users and employees, including users’ email addresses and sensitive scholarship data such as their dates of birth, sexual orientation and disabilities, as well as financial and medical information about Chegg employees.

The FTC’s order requires Chegg to implement a comprehensive information security program, limit the data the company can collect and retain, offer users multifactor authentication to secure their accounts, and allow users to request access to and deletion of their dat

US NIST publishes AI Risk Management Framework 1.0

The U.S. took a big step in the development of a national artificial intelligence strategy with the release of the U.S. Department of Commerce National Institute of Standards and Technology’s Artificial Intelligence Risk Management Framework 1.0, Jan. 26.

Required under the National AI Act of 2020, the framework is the product of 15 months of work by NIST scientists who compiled public comments from more than 240 AI stakeholders through multiple listening sessions and workshops, while producing two previous drafts of the document last year. The framework is voluntary but will help organizations deploying AI systems to enhance their trustworthiness and reduce biases, while protecting individuals’ privacy.

Along with the framework document, the NIST also released the AI RMF Playbook, which is expected to be updated every six months as best practices for navigating the framework develop, according to Under Secretary of Commerce for Technology and NIST Director Laurie Locascio.

Meta’s EU data transfer case faces Article 65 dispute resolution mechanism

The fate of Meta’s data transfers to the U.S. could hinge on an Article 65 dispute resolution mechanism in the EU, after Ireland’s Data Protection Commission was unable to resolve objections from other EU data protection authorities to its draft enforcement decision. Politico reporter Vincent Manancourt originally broke the news, which was then confirmed by the DPC in an email…

Tech company layoffs hit privacy community, ‘spook’ job seeker marketplace

The largest companies across the technology sector have been hit by tens of thousands of layoffs in recent months. Unable to maintain major growth experienced during the height of the COVID-19 pandemic, many such companies look to cut back and privacy professionals have not been immune. Just last week, Google announced it is laying off 12,000 employees and Amazon notified…

Privacy operations to update in the first half of 2023 for California, Colorado regulations

With 2022 behind us, what will companies need to address for U.S. privacy laws in the first half of 2023? New regulations. The latest regulation drafts for California and Colorado have a number of requirements that differ from the statutes and may require changes to privacy operations and business practices. Here are nine areas that may require changes: 1. Adjusting…

A practical guide to anonymization standards across the EU and UK

Data anonymization is an important tool for organizations to protect the personal data of individuals, while averting the onerous requirements of the EU and U.K. General Data Protection Regulations. Unfortunately, guidance on this subject is often unclear, with standards for anonymization differing among jurisdictions. This article provides privacy practitioners with a concise guide to understanding these divergent approaches. It further…

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

On January 4, 2023, the Irish Data Protection Commission (“DPC”) announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. (“Meta”) with respect to the company’s Instagram and Facebook platforms. As a result of the investigations, the DPC fined Meta a combined €390 million for breaches of the EU General Data Protection Regulation (“GDPR”) and,…

Whole Foods Settles BIPA Voiceprint Class Action 

On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act (“BIPA”). The plaintiffs alleged that Whole Foods unlawfully collected voiceprints from employees who worked at the company’s distribution centers. In the…