On May 31, 2024, Colorado Governor Jared Polis signed HB 1130 into law. This legislation amends the Colorado Privacy Act to add specific requirements for the processing of an individual’s biometric data. This law does not have a private right
Latest from Inside Privacy
Council of Europe Adopts International Treaty on Artificial Intelligence
On May 17, 2024, the Council of Europe adopted the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (the “Convention”). The Convention represents the first international treaty on AI that will be legally binding
Italy Proposes New Artificial Intelligence Law
On May 20, 2024, a proposal for a law on artificial intelligence (“AI”) was laid before the Italian Senate.
The proposed law sets out (1) general principles for the development and use of AI systems and models; (2) sectorial provisions,
CNIL Opens Public Consultation on Its Standards for Processing Health Data
On May 16, 2024, the CNIL launched a public consultation on all of its health data standards. Interested stakeholders are encouraged to participate by completing a questionnaire (available in French here) by July 12, 2024.
French law has specific
Italian Legislator and Regulator Update Rules on Processing of Health Data for Medical Research
On May 9, 2024, the Italian data protection authority (“Garante”) published a decision identifying the safeguards that controllers must put in place when processing health data for medical research purposes, in cases where data subjects’ consent cannot be obtained for
SEC Adopts Amendments to Regulation S-P
On May 16, the U.S. Securities and Exchange Commission (“SEC”) adopted amendments to Regulation S-P, which implements the Gramm-Leach Bliley Act (“GLBA”) for SEC-regulated entities such as broker-dealers, investment companies, registered investment advisers, and transfer agents.
Maryland Enacts Age-Appropriate Design Code
On May 9, 2024, Maryland Governor Wes Moore signed the Maryland Age-Appropriate Design Code Act (“AADC”) into law. The AADC will go into force on October 1, 2024. This post summarizes the law’s key provisions.
France Publishes Updated Certification Standard for the Hosting of Health Data
The French Public Health Code requires that certain service providers hosting health data hold a specific “HDS” certification. In order to obtain this certification, providers must comply with the requirements set out in the “HDS” certification standard. On May 16,
Alabama Enacts Genetic Privacy Bill
On May 16, 2024, Alabama enacted a genetic privacy bill (HB 21), which regulates consumer-facing genetic testing companies. HB 21 continues the recent trend of states enacting genetic privacy legislation aimed at regulating direct-to-consumer (“DTC”) genetic testing companies,
FTC Announces Health Privacy Enforcement Action Against Telehealth Company, Cerebral
Last month, the Federal Trade Commission (“FTC”) announced its enforcement action against telehealth firm, Cerebral, Inc. (“Cerebral”), for its alleged unauthorized disclosures of consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes in violation