Ropes & Gray’s health care partner, David Peloquin, spoke with Bloomberg Law on the additional DOJ instructions regarding the Biden-era Executive Order 14117. DOJ has provided clarity surrounding the effective date for enforcement, with a promise to delay any enforcement efforts until July 8 for companies that show “good faith efforts to comply.” David
State legislatures are advancing existing privacy proposals, with Wisconsin introducing AB 172 and Minnesota proposing significant amendments to its privacy law.
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing sessions.
Key points:🔹 Session replay tools collect a large volume of browsing data, including sometimes sensitive personal data without users being aware.🔹 Session
Keypoint: If signed by the governor, the Arkansas bill will create new obligations for the collection and processing of personal information for Arkansas children and teens under 16 years of age, however, compliance may prove difficult given ambiguity in the bill’s provisions.
On April 15, 2025, the Arkansas legislature passed HB 1717 – the Arkansas
Plaintiffs’ lawyers have continued to bring privacy claims targeting businesses that use vendors to help provide beneficial chat features on their website, as we last reported here. Late last year, a Southern District of California judge dismissed another set of privacy claims challenging the routine use of these vendor services by Tonal, a popular
On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and an assortment of other updates to existing regulations. These revisions come after the CPPA first released draft regulations on these topics
In a decision on immaterial damages under Article 82 of the EU General Data Protection Regulation (GDPR), the Higher Regional Court of Dresden, Germany (case number 4 U 940/24), set out important monitoring and auditing obligations of controllers with respect to their processors.
The controller (defendant) operates an online music streaming service;
On April, 8 2025, the Department of Justice’s final rule, implementing the Biden-era Executive Order 14117 restricting the transfer of Americans’ Sensitive Personal Data and United States Government-Related Data to countries of concern (the “Final Rule”), came into force. The Final Rule imposes new requirements on US companies when transferring certain types of personal
On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”), which went into effect on April 8, 2025. The release included additional
Keypoint: In this post: (1) California considers a “commercial exception” to wiretapping and pen registry laws; (2) a rise in federal wiretapping claims against websites; (3) more courts impose “knowledge or intent” requirement for Section 631(a); and (4) the Ninth and Seventh Circuits limit and expand the VPPA’s application.
This is our twenty-second installment in our data
