Ropes & Gray, in partnership with Mass Insight Global Partnerships, hosts and presents the Data Insights webinar series. This series focuses on bringing together business people, academics and researchers, and government policy makers to discuss issues associated with the collection and use of data to address significant problems across a broad range of contexts. The
The debate concerning the UK’s controversial Online Safety Bill (OSB) has continued to rumble on in recent days, with the UK Government reportedly again being warned that there is a real risk that certain messaging apps could be withdrawn from the UK if compromises cannot be reached on a number of issues.
The OSB, which is currently being debated in the House of Lords, aims to increase the responsibility of social media platforms for their users’ safety. It is intended to protect both children and adults in various ways. Continue Reading Controversy around the UK’s Online Safety Bill continues
Since 2000, technological advances have transformed how customers interact with financial institutions and how such firms store, process and protect personal information. The proliferation of large-scale hacks and data breaches throughout this time simultaneously demonstrated the difficulty of data protection given the ever-evolving nature of cybercrime. Despite these developments, the SEC has failed to update
Find an umbrella. . . . The recent deluge of state-level privacy legislation continues. Legislatures in three additional states—Indiana, Montana, and Tennessee—have adopted comprehensive privacy laws. The Indiana Consumer Data Protection Act (ICDPA) was signed into law on May 1, 2023, making Indiana the seventh state to adopt such a law, and legislatures in Montana and Tennessee have passed legislation that is expected to be signed into law by their respective governors soon. Only one month ago, Iowa became the sixth state to adopt a comprehensive privacy law, and, of course, California, Colorado, Connecticut, Utah, and Virginia each have laws that either are already in effect or that will go into effect later his year. Meanwhile, on April 27, 2023, the governor of Washington signed into law the My Health My Data Act, a significant development that will impact many businesses that collect or process consumer health data (expect an update on this topic here soon). Continue Reading When It Rains, It Pours (State Privacy Laws)
Tune in to the third episode of Ropes & Gray’s podcast series, The Data Day, brought to you by the firm’s data, privacy & cybersecurity practice. This series focuses on the day-to-day effects that data has on all of our lives as well as other exciting and interesting legal and regulatory developments in the
A number of encrypted messaging services have signed an open letter calling on the UK Government to reconsider various aspects of the Online Safety Bill (OSB) pending its final reading in the House of Lords, over concerns that the bill could threaten end-to-end encryption.
End-to-end encryption currently delivers a strong level of security for electronic messages, meaning that messages can only be read on the apps of the sender and intended recipient. Continue Reading Messaging Apps Call for Re-evaluation of the Online Safety Bill
On March 28, Iowa Governor Kim Reynolds signed Senate File 262 into law, making Iowa the sixth state to adopt comprehensive data privacy legislation. The Iowa Consumer Data Protection Act (ICDPA) is set to take effect on January 1, 2025.
The ICDPA is largely business friendly and mostly comparable to the Utah Consumer Privacy Act. Businesses that are already in compliance with other states’ privacy laws—such as the California Consumer Privacy Act—likely will not need to make any additional changes to their policies or practices to comply with the ICDPA. The ICDPA does not require businesses to conduct risk assessments, practice purpose limitations or data minimization, and businesses have a generous 90-day cure period for suspected violations. Furthermore, as we’ve seen with the other states that have recently passed comprehensive privacy laws, the law does not provide a private right of action for consumers, as enforcement authority sits exclusively with the Iowa Attorney General.Continue Reading Iowa Becomes Sixth State to Pass Comprehensive Data Privacy Law
On February 22, 2023, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Measures for the Standard Contract for Cross-Border Transfer of Personal Information (the “Measures”), along with the final version of the standard contractual clauses for cross-border transfer of personal information stipulated under the Personal Information Protection Law (the “PIPL SCCs”).
On February 17, 2023, the exposure risk of a company found to be violating Illinois’ Biometric Information Privacy Act (BIPA) increased to a potentially crippling amount. What was previously commonly understood to entail a maximum of $1,000 per negligent (or $5,000 for reckless) violation per plaintiff now authorizes a $5,000 fine per instance of collection, turning—for example—the nonconsensual use of an employee’s fingerprint for clocking in and out of work multiple times per day to 1,040 violations of BIPA per year if a full-time employee clocks in and/or out just four times each day, potentially resulting in estimated damages of $1,040,000 for negligent violations or $5,200,000 for reckless violationsContinue Reading BIPA Ahead: A New Ruling Introduces a Staggering Depth Beneath the Tip of the BIPA Iceberg
On Friday, February 3, 2023, the California Privacy Protection Agency (the “CPPA”) Board (the “Board”) approved draft regulations issued under the California Consumer Privacy Act, as amended and expanded by the California Privacy Rights Act (together, the “CCPA”). The draft regulations will now go through review by the Office of Administrative Law (the “OAL”), the final step in the rulemaking process before the regulations are scheduled to take effect. The draft agreed upon by the Board is in substantially the same form as the draft regulations published in November 2022 with only minor grammatical and stylistic changes. As such, the draft regulations will have a significant impact on many businesses if approved, adding specifics around the CCPA’s proportionality requirements, contracts with service providers and other third parties, opt-out preference signals, and processes for responding to data subject rights requests. In the same meeting, the Board also requested public comment on topics that are likely to be covered in a new set of regulations from February 10, 2023, through March 27, 2023.Continue Reading Across the Finish Line (Almost): Revised California Consumer Privacy Act Regulations Approved by California Privacy Board