Privacy & Information Security Law Blog

On August 7, 2024, the UK Information Commissioner’s Office announced its provisional decision to fine Advanced Computer Software Group Ltd £6.09 million following an initial finding that the company, which acted as a data processor, had failed to implement sufficient measures to protect personal information.

On July 30, 2024, New York Attorney General Letitia James announced the Office of the AG’s publication of two privacy guides, one for businesses and one for consumers, both focused on the use of website tracking technologies.

On August 2, 2024, the UK Information Commissioner’s Office issued a statement confirming that it has identified 11 social media and video sharing platforms that must improve their children’s privacy practices.

On July 5, 2024, the California Privacy Protection Agency  issued a set of proposed regulations to implement the CA Delete Act, a law that imposes requirements on data brokers and grants consumers rights designed to facilitate control over their personal information. 

The U.S. Department of Commerce’s International Trade Administration recently published a notice indicating it is considering revisions to the fee schedule for the Data Privacy Framework Program and seeking public comment, which is open until August 7, 2024.

On August 2, 2024, the U.S. sued ByteDance, TikTok and its affiliates for violating the Children’s Online Privacy Protection Act of 1998 and the Children’s Online Privacy Protection Rule.

On August 1, 2024, the EU AI Act entered into force.

On July 30, 2024, Texas AG Ken Paxton announced that Meta agreed to pay $1.4 billion to settle a lawsuit over allegations that Meta processed facial geometry data of Texas residents in violation of Texas law, including the Texas Capture or Use of Biometric Identifier Act (“CUBI”).