Privacy & Information Security Law Blog

On September 30, 2024, the Federal Communications Commission announced that T-Mobile has entered into an agreement to settle multiple data protection and cybersecurity investigations stemming from data breaches in 2021, 2022 and 2023.

On September 28, 2024, California Governor Gavin Newsom signed into law a pair of bills that amend the California Consumer Privacy Act of 2018 by defining neural data as sensitive personal information and specifying that personal information can exist in various formats.

On September 27, 2024, the Irish Data Protection Commission announced it had issued a fine of 91 million euros and a reprimand against Meta Ireland for inadvertently storing passwords of certain users in plaintext on its internal systems.

In August 2024, the Guangzhou Internet Court in China published its final decision in the case No. (2022) Yue 0192 Minchu 6486 regarding the cross-border transfer of personal information under the Personal Information Protection Law (“PIPL”), which was originally issued on September 8, 2023. It is the first case explaining the reliance on necessity for performance of contract in cross-border data transfer activities.

On September 24, 2024, a federal district court held that New York City’s Customer Data Law violates the First Amendment.

Last week, the House Energy and Commerce Committee advanced the Kids Online Safety Act (H.R. 7891) and the Children and Teen’s Online Privacy Protection Act (H.R. 7890).

On September 19, 2024, the Federal Trade Commission announced the publication of a staff report entitled, A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services. The Report documents the data collection and use practices of major social media and video streaming services and provides recommendations for better protecting users’ data and privacy, with a particular focus on children and teens.

On September 4, 2024, the California Privacy Protection Agency issued an Enforcement Advisory on Avoiding Dark Patterns: Clear and Understandable Language, Symmetry in Choice.

On September 13, 2024, the Colorado Department of Law issued proposed draft amendments to the Colorado Privacy Act (“CPA”) Rules and a notice of proposed rulemaking addressing biometric data, minors’ online privacy, and a framework for opinion letters and interpretative guidance.

On September 12, 2024, the Irish Data Protection Commission announced it had launched a cross-border statutory inquiry into Google Ireland Limited in relation to Google’s data protection impact assessment obligations under the Irish Data Protection Act.