Photo of Jake Barr

On April 24, President Biden signed a sweeping foreign aid bill into law, which included a critical provision covering privacy and data transfers known as the Protecting Americans’ Data from Foreign Adversaries Act (“PADFA”). This Act is separate from the TikTok divestment portion of the legislation, which has received far greater attention in the press. 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued its Notice of Proposed Rulemaking (NPRM) to establish the first cross-sectoral federal cybersecurity incident and ransomware payment reporting system.

As noted in an alert in March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law just over two

On February 28, 2024, President Biden announced an Executive Order (“EO”) directing the Department of Justice (“DOJ”) to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. As directed by the EO, on February 28, the DOJ published an Advance Notice of Proposed Rulemaking (“ANPRM”) on topics related to the implementation of the EO. The Ropes & Gray team provided detailed analysis on both the EO and ANPRM here.Continue Reading Lawmakers Pass Milestone Privacy Bill Overshadowed by TikTok Fever

On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran

As laid out in our earlier blogpost, part of Ropes & Gray’s Data, Privacy & Cybersecurity Group’s “12 Days of Data” series, one thing to look out for in 2024 is an update from the Federal Trade Commission (FTC) on its Children’s Online Privacy Protection Act Rule (COPPA Rule) review. Well, we did not have to wait until 2024. On December 20, 2023, the FTC announced proposed changes to the COPPA Rule.

The Notice of Proposed Rulemaking (NPRM) is the culmination of a process that began on July 25, 2019, when the FTC first solicited comments on the COPPA rule promulgated in 2013. The NPRM is seeking comments on the proposed changes as well as some related questions within 60 days of publication in the Federal Register (the deadline will likely fall in late February).Continue Reading FTC Proposes Amendments to the COPPA Rule as Part of Continued Attention to Children’s Privacy

Last holiday season, we were looking under the tree to see if President Biden and the U.S. Congress would leave the gift of a new national children’s online privacy and safety law—and whether it would turn out to be a welcome surprise or a lump of coal. It was widely reported that a group of senators were pushing to include the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0”) and the Kids Online Safety Act (“KOSA”) in the fiscal year 2023 funding bill. However, once everything was unwrapped, the bills were pulled from the funding package.Continue Reading Naughty or Nice: Children’s Online Privacy and Safety Developments and Expectations