Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated Guidance”). The Updated Guidance amends and supersedes HHS’s original guidance on the use of digital tracking technologies published on December 1, 2022 (the “Prior Guidance”). […]
Privacy Litigation
California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations
On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]
California Federal Court Dismisses Data Security-Related Securities Fraud Class Action
A California federal court has dismissed a putative securities fraud class action alleging that a large title insurer that disclosed a data security incident in May 2019 made false and misleading statements related to its data security practices and the incident. The dismissal follows the June 2021 settlement of a related Securities & Exchange Commission […]
The GDPR Reaches the US Supreme Court in Cert Petition
The EU’s General Data Protection Regulation (GDPR) has been raised in a petition for certiorari before the US Supreme Court, apparently for the first time since the GDPR entered into application in 2018. A party in Vesuvius USA Corp. v. Phillips has filed a petition for certiorari in a GDPR-related discovery dispute. Of course, since […]