Privacy & Information Security Law Blog

On July 30, 2024, in a 91-3 vote, the U.S. Senate passed two bills aimed at protecting youth online: the Kids Online Safety Act and the Children and Teens’ Online Privacy Protection Act.

On July 22, 2024, Google announced that the company is scrapping its plans to phase out the use of third-party cookies in its Chrome browser. Google previously announced plans in 2020 to phase out third-party cookies, a digital advertising tool that tracks consumers’ Internet activity across websites. The company intended to replace third-party cookies with privacy-protective APIs through its Privacy Sandbox initiative.

In June 2024, the European Union Agency for Fundamental Rights (“FRA”) published a report on the experiences, challenges and practices of data protection authorities (“DPAs”) when implementing the EU General Data Protection Regulation (“GDPR”) (the “Report”). The Report was requested by the European Commission ahead of their 2024 GDPR evaluation report, which was published on July 25, 2024.

On July 23, 2024, the Federal Trade Commission announced that it had launched a study of eight companies’ “surveillance pricing” practices. According to the FTC, “the orders are aimed at helping the FTC better understand the opaque market for products by third-party intermediaries that claim to use advanced algorithms, artificial intelligence and other technologies, along with personal information about consumers—such as their location, demographics, credit history, and browsing or shopping history—to categorize individuals and set a targeted price for a product or service.”

On July 22, 2024, Google announced that the company had scrapped its plan to phase out the use of third-party cookies in its Chrome browser.

On July 18, 2024, in a highly anticipated ruling, U.S. District Judge Paul A. Engelmayer dismissed a substantial portion of the U.S. Securities and Exchange Commission’s case against SolarWinds Corporation and its Chief Information Security Officer, Timothy Brown.

On July 17, 2024, the King’s Speech marked the start of the UK parliamentary year. In the King’s Speech, the Digital Information and Smart Data Bill and Cyber Security and Resilience Bill were announced.

Earlier this month, the Federal Trade Commission, International Consumer Protection and Enforcement Network and Global Privacy Enforcement Network announced the results of a comprehensive review regarding the use of “dark patterns.”

On July 16, 2024, the California Privacy Protection Agency Board held a public meeting and discussed next steps regarding its upcoming Formal Rulemaking for Automated Decisionmaking Technology, Risk Assessments, Cybersecurity Audits, Insurance, and Updates to Existing Regulations.

On July 16, 2024 the bipartisan Healthcare Cybersecurity Act was introduced, designed to improve cybersecurity in the health care and public health sectors.

On July 9, 2024, the Federal Trade Commission issued a proposed order that banned NGL Labs, LLC, and two of its co-founders from offering an anonymous messaging app called “NGL: ask me anything” to children under the age of 18.

On July 12, 2024, the EU Artificial Intelligence Act was published in the Official Journal of the EU.

On June 26, 2024, the California Privacy Protection Agency (“CPPA” or the “Agency”) held a virtual preliminary stakeholder session regarding a data broker accessible deletion mechanism.

On June 29, 2024, Rhode Island enacted the Rhode Island Data Transparency and Privacy Protection Act after Governor Daniel McKee transmitted the act back to the legislature without signature. The RIDTPPA will take effect on January 1, 2026.

On July 2, 2024, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the development of artificial intelligence (“AI”) systems from a data protection perspective (the “July AI Guidelines”).

On June 20, 2024, the U.S. District Court for the Northern District of Texas Fort Worth Division ruled that guidance issued by the U.S. Department of Health and Human Services (“HHS”) relating to online tracking technologies exceeded HHS’ authority and ordered that it be vacated. 

On July 1, 2024, a new agreement between the EU and Japan facilitating data flows between the two jurisdictions entered into force.

On June 27, 2024, the U.S. House of Representatives cancelled the scheduled House Energy and Commerce Committee markup of the American Privacy Rights Act, the latest version of which contains significant changes from earlier drafts.

On June 20, 2024, New York Governor Kathy Hochul signed into law Senate Bill S7694, the Stop Addictive Feeds Exploitation (“SAFE”) for Kids Act. The Act is the first of its kind to regulate the provision of addictive social media feeds to minors.