Privacy

Posted October 11, 2024

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

by Steven Farmer, Scott Morton and Mark Booth

Steven Farmer

Scott Morton

Mark Booth

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing practices. On October, 10, 2024, CNIL fined two companies offering remote clairvoyance services a total of €400,000—€250,000 for Cosmospace and €150,000 for Telemaque—for breaches including excessive data retention, failure to obtain explicit consent for sensitive data processing, and non-compliance with marketing consent rules. These decisions serve as a reminder for businesses to evaluate their data protection policies to avoid costly penalties and maintain consumer trust.

Posted September 30, 2024

CPPA Continues Rulemaking on AI, the New Delete Request and Opt-Out Platform (DROP), Cybersecurity Audits and Privacy Risk Assessments

by Jeewon K. Serrato, Shruti Bhutani Arora and Christine Mastromonaco

Jeewon K. Serrato

Shruti Bhutani Arora

Christine Mastromonaco

The California Privacy Protection Agency (CPPA) has released the agenda for its upcoming public board meeting on October 4, 2024. This meeting is set to cover important regulatory and enforcement matters related to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Here’s a breakdown of the substantive agenda:

Posted June 26, 2024

The UK Introduces Tougher Penalties for Consumer Protection Breaches

by Scott Morton and Mark Booth

Scott Morton

Mark Booth

In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10% of a business’s global turnover for consumer protection breaches and to issue notices requiring changes to online interfaces, significantly enhancing the CMA’s enforcement capabilities.

Posted June 5, 2024

New Report Latest to Cast Uncertainty over EU-U.S. Data Privacy Framework

by Steven Farmer, Shruti Bhutani Arora, Jeewon K. Serrato, Mark Booth and Gabby Torres

A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).

Posted May 22, 2024

Consumer Protection Dispatch: The Latest Developments in the World of Consumer Protection (5/22/24)

by Christine Mastromonaco, Shruti Bhutani Arora and Jeewon K. Serrato

Christine Mastromonaco

Shruti Bhutani Arora

Jeewon K. Serrato

(The Consumer Protection Dispatch summarizes industry news and updates on emerging issues involving a variety of consumer protection issues including, but not limited to, data and AI.)

This week’s edition includes latest developments relating to AI laws passed by Colorado, Tennessee and Utah, U.S. Senate bipartisan working group on AI, a new privacy bill from Vermont and a new privacy law from Maryland, a new Colorado law protecting neural data, and updates from the California Privacy Protection Agency.