New Jersey is the 13th US State to Pass Comprehensive Consumer Privacy Legislation Consistent with our prediction that 2024 will bring a significant crop of new state consumer privacy laws, the New Jersey legislature recently became the 13th state to pass a comprehensive privacy statute. On January 8âthe final day of its 2022-2023 legislative sessionâthe Senate passed bill S332. Once enactedâeither with Governor Phil Murphy signing the bill or after 45 days if he takes…
On December 22, 2023 the EU Regulation on harmonised rules on fair access to and use of data, also known as the Data Act, was published in the Official Journal of the European Union. It shall enter into force on the twentieth day following that of its publication, namely on January 11, 2024, and become applicable on September 12, 2025. The Data Act affects manufacturers of connected products and also providers of related services, including virtual…
In the classic movie “The Wizard of Oz,” Dorothy, Scarecrow and Tinman walk through the forest while expressing great concern about the “lions and tigers and bears, oh my!” they may face on their journey to Oz. Companies experiencing global ransomware and cyberattacks can experience similar emotions as they grapple with increasingly complex global legal risks. Across the globe, local legislatures and regulatory authorities have established a multitude of different and sometimes conflicting legal obligations…
On December 21, 2023 the Federal Communications Commission (FCC) issued updates to its Data Breach Notification Rule, which applies to telecommunications carriers, as well as to voice over internet protocol (VoIP) and telecommunications relay service (TRS) providers. The updated Data Breach Notification Rule marks the most significant changes to the Rule since its adoption 16 years ago and modernizes the FCC requirements by bringing them more closely in line with other breach reporting obligations. The…
The SDPA and the CNMC, among other institutions, launch a series of coordinated actions related to the age verification of minors online, aimed at reinforcing their protection and preventing their access to harmful content. As in the rest of the European Union, the protection of minors online is one of the main areas of concern of Spanish authorities such as the Spanish Data Protection Agency (“SDPA”), the National Commission for Markets and Competition (“CNMC”) and…
This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. As is evident, 2024 will be a critical year for global data privacy and cybersecurity. We welcome your thoughts and predictions. Please feel…
If your organization does business across the U.S. and collects consumer health data (broadly defined, health inferences generated from non-health data count), compliance with U.S. state consumer health privacy laws is just around the corner. Consumer health privacy laws in Nevada (Senate Bill 370) and Washington (the My Health My Data Act) become fully operative for regulated entities on March 31, 2024. Requirements specific to consumer health data are already operative in Connecticut. Here are…
The UKâs Information Commissionerâs Office (ICO) has launched a public consultation on its draft guidance on data privacy transparency in the health and social care sector. The proposed guidance emphasises the importance of going beyond the legal requirements of the GDPR in order to build trust with patients, and builds on themes of openness, honesty and patient engagement. The consultation is open until 7 January 2024, and is essential reading for tech companies providing services…
The Information Commissioner’s Office (ICO) has released its ICO Audit a Year in Focus. This report outlines the ICO’s regulatory activities and rulings over the last year and provides crucial insights for data protection officials. The takeaways below make clear the current Commissioner approach to setting priorities to areas where the most impact to individuals will be felt. As we will see for the outgoing year, it is protection of children’s data. Here are the key points…
The World Health Organization (WHO) has released a publication outlining key considerations for regulation of artificial intelligence for health. This follows the EMAâs Consultation on the use of Artificial Intelligence (AI) in the medicinal product lifecycle, which is open for public consultation until 31 December 2023 (see our post here for more information). This aims to promote dialogue among stakeholders, including developers, regulators, manufacturers, health workers and patients. The WHO focuses on six key regulatory considerations on…