On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule. The proposed changes, if enacted, would represent the first update
Privacy
Netflix Fined by Dutch Regulator for Privacy Violations
The Dutch Data Protection Authority (the “Dutch DPA”) issued a €4.75 million (approximately $5 million USD) fine on Netflix in connection with a data access investigation that started in 2019. The investigation arose out of a complaint was filed by nonprofit privacy and digital rights organization, noyb, which is run by European privacy campaigner…
Michigan Legislature Introduces Reproductive Health Privacy Bill
On November 7, 2024, Michigan lawmakers in the Senate introduced the Reproductive Data Privacy Act (“RDPA”), also known as Senate Bill 1082 (SB 1082). The bill aims to strengthen privacy protections for sensitive reproductive health data, including information on menstrual cycles, fertility, and contraception.
The RDPA is largely modeled after Washington’s My Health…
BIPA Amendment Enacted
On August 5, 2024, Illinois Governor J.B. Pritzker signed into law SB 2979, significantly amending the state’s Biometric Information Privacy Act (BIPA). This update represents a considerable decrease in the potential for exorbitant financial liabilities for businesses that engage with biometric data while still maintaining the statute’s robust protections for individuals’ biometric data. The…
A Comparison of AI Regulatory Frameworks
CFPB Issues New Rule for Recognizing Open Banking Standards
The Consumer Financial Protection Bureau (CFPB) has launched the process for independent standard-setting bodies to receive formal recognition, as part of its efforts to shift towards open banking in the United States.
On June 5, 2024, the CFPB finalized a rule outlining the minimum attributes that standard-setting bodies must exhibit to issue standards in compliance…
Minnesota Legislature Sends Privacy Bill to Governor
Minnesota becomes the latest state to move to pass legislation regulating the processing and controlling of personal data (HF 4757 / SF 4782). If signed into law by Governor Tim Walz, the Minnesota Consumer Data Privacy Act, or MCDPA, would go into effect on July 31, 2025 and provide various consumer data privacy…
Colorado Passes AI Regulation
Colorado has become the first state to pass legislation (SB24-205) regulating the use of artificial intelligence (AI) within the United States. This legislation is designed to address the influence and implications, ethically, legally, and socially, of AI technology across various sectors.
Any person doing business in Colorado, including developers or deployers of high-risk…
Webinar Recording – Your Data, My Headache: Consumer Health Data Laws
43 AGs Urge FTC to Update Child Online Privacy Rules
On March 7, 2024, a bipartisan coalition of 43 state attorneys general sent to the Federal Trade Commission (“FTC”) a letter urging the FTC to update the regulations (“COPPA Rules”) implementing the Children’s Online Privacy Protection Act (“COPPA”).
Through regulations known as the “COPPA Rule,” state attorneys general are authorized to bring actions as parens…