Earlier this month, the Swiss Federal Council approved the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Beginning September 15, 2024, companies may rely on the Swiss-U.S. DPF as a lawful basis to transfer personal data of Swiss residents to companies in the United States.
Privacy & Data Security Insight
Updates and analysis from Taft Privacy and Data Security attorneys
Blog Authors
Latest from Privacy & Data Security Insight
New Legislation Promises Stronger Privacy Protections and Clearer Guidelines for Businesses
On Aug. 2, 2024, Illinois Governor J.B. Pritzker signed SB 2979 into law, bringing significant reform to the state’s Biometric Information Privacy Act (BIPA). The much-anticipated BIPA amendment took effect immediately and will provide welcome relief to businesses.
The amendment allows written releases to be executed by electronic signature and drastically limits the damages an…
FCC’s 1-to-1 Consent Requirement for Marketing Text Messages
On January 27, 2025, the Federal Communications Commission’s (FCC) new one-to-one consent requirement will go into effect. For background, the FCC published its final rule targeting and eliminating unlawful text messages under the Telephone Consumer Protection Act (TCPA) on January 26, 2024 (the Final Rule). Among other requirements and purposes, this Final Rule sought to…
The EU AI Act – What Businesses Need to Know
Special thanks to Taft summer associate Tanner Wilburn for his significant contributions to this post.
On July 12, 2024, the European Union’s Artificial Intelligence Act (AI Act) was published in the EU Official Journal.
This comprehensive legislation establishes the first risk-based regulatory framework for AI systems, with far-reaching implications for businesses using AI. The AI…
Comprehensive State Privacy Laws – Halfway Through 2024 and Looking Ahead to 2025
Believe it or not, we are now more than halfway through 2024. As of July 1st, we now have additional state privacy laws in effect in Florida (narrow applicability), Oregon, and Texas – with more on the way later this year and into 2025. We thought it would be a good time to provide a…
Federal Court Strikes Down HHS Rule on Website Tracking Technologies… To an Extent
Special thanks to Taft summer associates Tanner Wilburn and Lizzie Dobbins for their contributions to this post.
On June 20, 2024, the U.S. District Court for the Northern District of Texas vacated a portion of guidance issued by the Department of Health and Human Services (HHS) regarding the use of online tracking technologies. This decision…
Six Months to Go: HIPAA Privacy Rule Changes Require Additional Diligence
Special thanks to Taft summer associate Tanner Wilburn for his significant contributions to this post.
Earlier this year, we provided a law bulletin on changes coming to the Health Insurance Portability and Accountability Act (HIPAA). To recap briefly, in April 2024, the Department of Health and Human Services (HHS) issued a final regulation that modified…
Not So Fast: Vermont Governor VETOES Private Right of Action for Consumer Privacy Violations
Last week, Vermont Governor Phil Scott vetoed one of the most-watched pieces of privacy legislation in the United States: the Vermont Data Privacy Act (VDPA). Described in H.121 as “an act relating to enhancing consumer privacy and the age-appropriate design code,” was passed by the Vermont legislature in the early morning hours on May…
Recent Executive Order and DOJ Rulemaking Prioritize the Protection of Sensitive Personal Data from “Countries of Concern”
The U.S. is cracking down on data sharing and export with foreign countries. A clear example of the United States’ position is seen in Executive Order 14117 (EO 14117) issued by President Biden on February 28, 2024.
While You Were Sleeping, Vermont Passed One of the Most Stringent State Consumer Privacy Laws Yet
Just past midnight on May 11, 2024, the Vermont legislature passed the Vermont Data Privacy Act (VDPA). VDPA, if signed by Governor Phil Scott, will take effect on July 1, 2025, and will make Vermont the 18th state to establish consumer privacy rights in the same vein as the California Consumer Privacy Act (CCPA). Although…