Government Regulation, Legislation & Enforcement

Mass. SJC Limits Website Tracking Technology Claims Under Wiretap Act

Nov 04 2024

By: Christopher Valente and Michael Stortz

In a critical new decision, the Massachusetts Supreme Judicial Court has confirmed that the state’s anti-wiretapping statute does not extend to website tracking technologies. In Vita v. New England Baptist Hospital, the Court held that the state’s 1968 Wiretap Act (Mass. G.L. c. 272, § 99) does not apply to the deployment of online software that collects and transmits information regarding user interactions with websites to third parties.

Australian Privacy Reform Series Refresher: What Are These Reforms?

Aug 13 2024

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

Aug 12 2024

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Modern Adtech Regulated Under Antiquated Law: How Video Killed the Internet Star

Jul 29 2024

By Cameron Abbott and Rob Pulham

In their recent article available here, Katie Staba and Corey Bieber from our Chicago office discuss emerging advertising technology issues, including new applications of the California Invasion of Privacy Act and the Video Privacy Protection Act.

Security of Critical Infrastructure – Adoption of Cyber Security Framework and Mandatory Reporting Deadline Approaches While the Regulator Moves From “Education” to “Enforcement” Mode

Jul 26 2024

By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian

Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).

ASIC and OAIC’s New Information Sharing MoU: What You Need to Know

Jul 24 2024

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Lauren Hrysomallis

ASIC has further focused its attention on the duties of companies and directors with regards to cyber resilience with the signing of a Memorandum of Understanding (MoU) with the Office of the Australian Information Commissioner (OAIC).

Decree No. 2024-388 and Its Implications for Intermediation Platforms

Jun 11 2024

By Claude-Étienne Armingaud and Kenza Berrada

Digital intermediation service platforms within the sectors of chauffeur-driven transportation and goods delivery have new responsibilities since the enactment of Decree no. 2024-388 on 25 April 2024. Operating under the framework established by Article L. 7345-1 of the French Labor Code, this Decree has initiated a systematic collection and transmission protocol for data concerning platform workers’ activities to the French Employment Platforms Social Relations Authority (ARPE).

Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

Feb 26 2024

By Paul Haswell and Sarah Kwong

In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).

ICO Introduces Consultation Series on Data Protection and Generative AI

Feb 13 2024

By Claude-Étienne Armingaud & Sophie Verstraeten

The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.

“Grandma, I have [not] been kidnapped”: The FCC Bans AI-Generated Robocalls

Feb 12 2024

By Andrew Glass, Gregory Blase, and Joshua Durham

Effective immediately, the Federal Communications Commission (FCC) banned AI-generated phone calls with its recent Declaratory Ruling (the Ruling). Known as audio or voice “deepfakes,” AI can be trained to mimic any person’s voice, resulting in novel scams such as grandparents receiving a call from their “grandchild” and believing they have been kidnapped or need money for bail. FCC Commissioner Starks deemed such deepfakes a threat to election integrity, recalling that just recently, “potential primary voters in New Hampshire received a call, purportedly from President Biden, telling them to stay home and ‘save your vote’ by skipping the state’s primary.”

Catagory:Government Regulation, Legislation & Enforcement