On October 24, 2024, in a long-awaited decision in Vita v. New England Baptist Hospital, Massachusetts’ highest court snuffed out an attempt to use the state’s 1968 Wiretap Act to impose liability on a hospital system for its use of third-party analytics technologies on its website. The case had been closely watched by the business […]
Privacy
EDPB Adopts Opinion on the Use of Processors and Sub-processors
On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised application of the EU GDPR across the European Economic Area (“EEA”) and is comprised of the heads of the data […]
California Joins the Neural Data Bandwagon
On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data. SB1223, which is likely to become law, defines “neural data” as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is not inferred from […]
EU Data Protection Regulators Publish Additional Guidance On The EU-U.S. Data Privacy Framework
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data Protection Supervisor (‘EDPS’) – adopted two Frequently Asked Questions (‘FAQ’) documents concerning the EU-U.S. Data Privacy Framework (‘DPF’), aimed at providing […]
New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws
On August 1, 2024, New York Attorney General (“AG”) Letitia James issued two advanced notices of proposed rulemaking (“ANPRs”) for the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (the “SAFE Act”) and the Child Data Protection Act (the “CDPA”), both of which New York Governor Kathy Hochul signed into law on June 20, 2024. […]