The EU AI Act was entered into the EU’s statute books on July 12, 2024. A transition period will begin from 1 August when it enters into force. The geographic scope is very broad, with obligations falling on organisations using
CCPA compliance is not child’s play—but network traffic testing can help
On June 18, 2024, the California Attorney General and Los Angeles City Attorney filed a complaint and stipulated final judgment (including a $500,000 settlement) with Tilting Point Media LLC (“Defendant” or “Tilting Point”), resolving allegations that the video game developer…
Anonymizing personal information – how to comply
Since the adoption in September 2021 of the Act to modernize legislative provisions as regards the protection of personal information (Law 25), several new concepts and mechanisms have been introduced to the Quebec legislation.
These new concepts include anonymization…
Minnesota enacts comprehensive privacy law
On May 24, 2024, the Minnesota Governor signed the Minnesota Consumer Data Privacy Act (“MCDPA”), making Minnesota the eighteenth state to enact a comprehensive privacy law. The new law takes effect on July 31, 2025, for most regulated entities, with…
SEC statement clarifies material cybersecurity incident disclosure requirement
SEC final rule on reporting material cybersecurity incidents
In July 2023, the US Securities and Exchange Commission (SEC) finalized its rule requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Though materiality is not a…
UK regulators’ strategic approaches to AI: a guide to key regulatory priorities for AI governance professionals
Background – white paper response on the UK’s approach to AI regulation
In February 2024, the UK Department for Science, Innovation, and Technology (DSIT) set out the government’s proposed approach to AI regulation. It published a response to its…
Is your Texas data protection assessment started?
As we have previously written, the Texas comprehensive privacy law, known as the Texas Data Privacy and Security Act (TDPSA), goes into effect on Monday, July 1, 2024. As a reminder, unlike other states’ comprehensive privacy laws that are…
The US government, privacy, and security – recent developments
The United States Federal Government is turning its attention to privacy and cybersecurity laws, and the result has been several recent legal developments that may have an impact on your business. Keeping up with these developments is not easy, so…
$10,000,000 civil penalty for disclosing personal data without consent
On April 15, 2024, the U.S. Department of Justice, upon referral from the Federal Trade Commission, filed a complaint and stipulated order against telehealth company Cerebral, Inc. The claims related to the company’s sharing personal data without consumer consent and…
FCA sets out plans to make Big Tech a priority and provides update on its approach to AI
On 22 April 2024, the Financial Conduct Authority (FCA) published a speech by its chief executive, Nikhil Rathi, entitled ‘Navigating the UK’s Digital Regulation Landscape: Where are we headed?’. In the speech, Mr Rathi announced the FCA’s plans…