Privacy & Information Security Law Blog

On August 26, 2024, the Dutch Data Protection Authority as lead supervisory authority announced it has imposed a fine of 290 Million Euros on Uber related to a violation of international transfer requirements under the EU General Data Protection Regulation. 

As reported on the Hunton Retail Law resource blog, on August 2, 2024, Illinois amended its Biometric Information Privacy Act (“BIPA”), curbing the potential for massive damages and modernizing the law’s written consent provisions. On their face, the amendments are not retroactive.  It remains unclear, however, whether this change in Illinois law will nonetheless be applied retroactively by the courts.

For more information click here.

On August 14, 2024, the Committee on Foreign Investment in the United States disclosed that it had assessed a $60 million penalty against T-Mobile US, Inc. in connection with unauthorized data access incidents following T-Mobile’s 2020 merger with Sprint Corporation.

On August 1, 2024, the Office of the New York State Attorney General released two Advanced Notices of Proposed Rulemaking (“ANPRM”) for the SAFE for Kids Act and the Child Data Protection Act.

On August 7, 2024, the UK Information Commissioner’s Office announced its provisional decision to fine Advanced Computer Software Group Ltd £6.09 million following an initial finding that the company, which acted as a data processor, had failed to implement sufficient measures to protect personal information.

On July 30, 2024, New York Attorney General Letitia James announced the Office of the AG’s publication of two privacy guides, one for businesses and one for consumers, both focused on the use of website tracking technologies.

On August 2, 2024, the UK Information Commissioner’s Office issued a statement confirming that it has identified 11 social media and video sharing platforms that must improve their children’s privacy practices.

On July 5, 2024, the California Privacy Protection Agency  issued a set of proposed regulations to implement the CA Delete Act, a law that imposes requirements on data brokers and grants consumers rights designed to facilitate control over their personal information. 

The U.S. Department of Commerce’s International Trade Administration recently published a notice indicating it is considering revisions to the fee schedule for the Data Privacy Framework Program and seeking public comment, which is open until August 7, 2024.

On August 2, 2024, the U.S. sued ByteDance, TikTok and its affiliates for violating the Children’s Online Privacy Protection Act of 1998 and the Children’s Online Privacy Protection Rule.

On August 1, 2024, the EU AI Act entered into force.

On July 30, 2024, Texas AG Ken Paxton announced that Meta agreed to pay $1.4 billion to settle a lawsuit over allegations that Meta processed facial geometry data of Texas residents in violation of Texas law, including the Texas Capture or Use of Biometric Identifier Act (“CUBI”).