The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve as the foundation for the process moving forward. Discussion
California’s Proposed “Delete Act” Would Create a ‘Do Not Sell’ List for Data Brokers
California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka the “Delete Act,” would be required to recognize and honor opt-out signals from Californians. The law seeks to expand on
SEC Adopts New Cybersecurity Reporting Rules, Setting Up Various Compliance Challenges
After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public companies, who criticized the new reporting deadlines for data security incidents as well as the mandatory cyber-risk disclosures the Rules mandate.
Adoption of
Ruling Delaying Enforcement of CPRA Regulations Raises Complicated Legal Questions
Shortly before the July Fourth holiday, the California Superior Court issued an important, but subtly complex ruling that pushes back the date when the California Privacy Protection Agency (CPPA) may begin enforcing the latest round of privacy regulations. These regulations were finalized in March 2023 and enforce provisions of the California Privacy Rights Act (CPRA)
The Practical and Legal Complexities of Online Age Verification
One of the most significant trends in privacy law this year has been the surge in online child protection laws in U.S. states. In a recent article for the Cybersecurity Law Report , Ballard Spahr privacy attorneys Phil Yannella, Greg Szewczyk, Tim Dickens and Emily Klode explore the legal and practical complexities associated with these
EU AI Act Clears Another Hurdle
The European Parliament has approved a revised version of the EU Artificial Intelligence Act (AIA), which appears to be on a path to adoption by the EU later this year. The AIA is the most comprehensive legislation in the world to address the risks associated with the use of artificial intelligence. A final version of
Texas Adds a Wrinkle to State Privacy Law Patchwork
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and other recently passed state privacy laws, it has a few key distinctions that may cause
Senator Bennet Proposes Federal Commission to Regulate Artificial Intelligence
Following recent Senate testimony in which OpenAI CEO Sam Altman proposed additional Congressional oversight for the development of artificial intelligence (AI), Colorado Senator Michael Bennet has re-introduced the Digital Platform Commission Act, a bill that would enable the creation of a federal agency to oversee the use of AI by digital platforms. The proposed
Washington State Poised to Pass Consumer Health Privacy Law
The State of Washington appears close to enacting a new law that regulates the privacy of consumer health information. If passed, the new law – the My Health My Data Act (MHMDA) –would take effect March 31, 2024 and apply to non-governmental entities that collect, process, share, or sell health information that can be linked
Webinar Recording – Artificial Intelligence: An Overview of the U.S. and EU Regulatory Landscape
The emergence of tools like ChatGPT has demonstrated the tremendous business potential for artificial intelligence. At the same time, businesses need to be aware of the growing patchwork of laws and regulations in the U.S. and EU governing the development and use of AI. In this webinar, Ballard Spahr privacy & data security lawyers