On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]
Data Protection
FTC Denies an Application to Add a New Verifiable Parental Consent Mechanism Under COPPA Rule Without Prejudice
On March 29, 2024, the Federal Trade Commission (the “FTC”) published a unanimous decision to deny an application by the Entertainment Software Rating Board, Yoti, and SuperAwesome (collectively, the “Applicants”) to add a new verifiable parental consent (“VPC”) mechanism under the Children’s Online Privacy Protection Rule (“COPPA Rule”). The application, which our previous blog post […]
China Releases Updated Regulations on Permits Needed for Transferring Data out of China
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data protection laws (the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law), and take precedence over previously-issued data transfer rules, such as (a) […]
State AGs and Other Stakeholders Weigh In On Proposed COPPA Rule Update
The Federal Trade Commission (FTC) received over 270 comments to its notice of proposed rulemaking (NPRM) for the amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) during the public comment period that ended on March 11, 2024. The NPRM reflects the FTC’s continued effort to modernize the COPPA Rule, which implements the Children’s […]
California Privacy Protection Agency Board Votes to Advance Proposed Regulations to Formal Rulemaking
On March 8, 2024, the California Privacy Protection Agency (“CPPA”) Board voted to advance to formal rulemaking proposed regulations under the California Consumer Privacy Act, as amended, regarding risk assessments, automated decisionmaking technology, and certain updates to existing regulations. The formal rulemaking action will begin when the CPPA publishes a proposed action in the California […]