So much for tackling consent fatigue. The short version: If unchanged, the new EDPB guidelines on what is known as the “cookie” rule would extend that rule to cover nearly every communication over the Internet and any use of software on a computer. Your business is probably more impacted than you might think, and it
privacy
Youth Online Safety in the Crosshairs with NTIA Comment Request and Joint AG Meta Complaint

Children’s and teen’s online privacy and safety – particularly their mental health – continues to be an area of intense scrutiny for lawmakers, regulators, and enforcers. Last May, the Biden administration announced the creation of a new task force focused on the safety, privacy, and wellbeing of children online, linked to an Advisory on Social…
CA Court Blocks Enforcement of Controversial Children’s Online Privacy Law


On September 18, 2023, the United States District Court for the Northern District of California granted a preliminary injunction to NetChoice, a tech umbrella group, against California Attorney General Rob Bonta from enforcing the California Age-Appropriate Design Code Act (CAADCA). The court found the CAADCA, which was slated to take effect on July 1, 2024…
Ninth Circuit Affirms State Privacy Law Claims Not Preempted by COPPA



On July 13, 2023, a three-judge Ninth Circuit panel denied Google’s challenge of its earlier decision in Jones v. Google, which held that state privacy law claims in a putative class action are not preempted by the federal Children’s Online Privacy Protection Act (COPPA). The December decision reversed a lower court’s dismissal of the…
FTC Seeks Comments on Proposed Facial Age Mechanism under COPPA


The Children’s Online Privacy Protection Act Rule (COPPA Rule) requires that online sites and services directed to children under 13 obtain parental consent before collecting or using children’s personal information and lists existing methods for such consent. Now the Federal Trade Commission (FTC) is seeking comments on whether it should expand its parental consent methods…
EU Seeks Input on Proposed Digital Product Passport Framework


On March 30, 2022, the European Commission (EC) unveiled a proposal for a framework eco-design regulation aimed at creating a policy framework for sustainable products. Among the tools proposed by the EC is the EU Digital Product Passport (DPP), a product-specific data set that would apply nearly to all non-food products sold in the EU…
Contract as Legal Ground? New CJEU Ruling Creates Risks Re Personalisation


What kinds of processing are necessary for the performance or conclusion of a contract?
This is one of the questions the Court of Justice of the European Union (CJEU) was asked to examine in case C-252/21 between Meta Platforms and the German Federal Cartel Office, in which it delivered a judgment on July 4th…
Soon Higher GDPR Fines in Belgium? Court Decision Paves Way for Public Fining Methodology

Until now, fines by the Belgian Data Protection Authority (BDPA) had, compared to its neighbouring countries (France, Luxembourg, and the Netherlands), appeared on the low side in absolute numbers.
Last year we carried out an analysis of over 300 fines related to (alleged) infringements of the General Data Protection Regulation (GDPR), including the top 250…
NetChoice Challenges Constitutionality of California Age-Appropriate Design Code Act


When the California legislature passed the California Age-Appropriate Design Code Act (CAADCA or Act) AB 2273 in September of this year, it generated considerable controversy. Companies, trade associations, and even some non-governmental organizations questioned whether the law’s broad reach was not just counterproductive and likely to invade consumer privacy, but preempted by federal law and…
EU Cyber Resilience Act: Cybersecurity Obligations for Connectable Hardware and Software Products Including IoT

The Internet of Things (IoT) segment has grown, and with it have come many examples of vulnerable products, from babycams whose feeds could be viewed by strangers online to hackable implantable cardiac devices. There are also infamous examples of botnets (i.e., clusters of hacked devices) featuring millions of IoT devices with one common trait: weak…