Hintze Law continuously tracks privacy and security updates around the world to bring you a regular update of the latest developments. Below is a snapshot of updates from the last month. If you missed our last round of updates, you can find those here.
Read MoreEDPB Adopts Opinion on the Validity of the “Consent or Pay” Model for Behavioral Advertisement
By Destiny Ginn
On April 17, 2024, The European Data Protection Board (‘EDPB’) issued an opinion on whether “consent or pay” models used by large online platform services are valid consent mechanisms under the GDPR. The EDPB stated, “In most cases, it will not be possible for large online platforms to comply with requirements for valid consent if they confront users only with a binary choice between consenting to the processing of personal data for behavioral advertising purposes and paying a fee.” If adopted, this opinion would ultimately change how valid legitimate consent is obtained by large and possibly small businesses.
Read MoreMaryland Legislature Advances Age Appropriate Design Code to Governor’s Desk
On April 6th, the Maryland Legislature passed the Maryland Age-Appropriate Design Code (“MD AADC”), sending the bill to Governor Moore’s desk. If signed, the MD AADC would take effect on October 1, 2024, with data protection impact assessments required by April 1, 2026.
Read MoreAssessing 'necessity' under state health privacy laws
By Felicity Slater and Kate Black in partnership with Future of Privacy Forum’s Jordan Wrigley, and Niharika Vattikonda
Washington state's My Health My Data Act and Nevada's Senate Bill 370 took effect 31 March, prompting entities that collect "consumer health data," as broadly defined by these laws, to assess their data collection, use and sharing through a novel lens. A unique requirement born out of these laws requires that entities analyze which elements of their health data collection, use and sharing are "necessary" to provide products or services requested by their consumers.
Read MoreHintze Global Privacy and Security Updates
HHS OCR Updates Guidance on Tracking Technologies
On March 18, 2024, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) revised its guidance on the "Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates."
Read MoreHintze Law Privacy CLE Series with the WSBA
We’re excited to announce our four-part privacy CLE series with the Washington State Bar Association! Over the next few weeks, the upcoming sessions will be:
Read MoreHintze Global Privacy and Security Updates
“C” is for “Cookie” …and Sometimes for “Class Action:” Steps to Help Reduce Your Company’s CIPA Litigation Risk
By Jennifer Ruehr, Sam Castic, and Felicity Slater
There has been a recent uptick in class action litigation brought under the California Invasion of Privacy Act (“CIPA”) (Cal. Penal Code §§ 630 et seq). Recent litigation has focused on three sections of CIPA.
Read MoreHintze & Partners Recognized by Chambers in 2024 Global Rankings
Hintze Law PLLC is pleased to announce that Chambers & Partners has once again recognized Hintze Law in its 2024 Global USA Privacy & Data Security rankings. Hintze’s Health + Biotech Group was also recognized in Chamber’s 2024 Global USA Privacy & Data Security Healthcare.
Read MoreFelicity Slater Joins Hintze Law as an Associate
Hintze Law PLLC is thrilled to announce that Felicity Slater has joined the firm as part of our growing team of talented AI, privacy, and cybersecurity attorneys. Felicity brings deep experience and knowledge of privacy law, legislation, and policy to the firm.
Read MoreNavigating the Privacy Implications of AI: Insights from the FTC Tech Summit
On January 25, 2024, the Federal Trade Commission’s Office of Technology hosted a Tech Summit on Artificial Intelligence, which offered insights into the evolving landscape of AI. The discussions highlighted the current challenges and future direction of AI regulation, especially concerning consumer protection and privacy.
Read MoreHintze Global Privacy and Security Updates
Congrats to Alex Schlight for Promotion to Partner
Seattle, January 16, 2024: Hintze Law, PLLC announced today that, effective January 2024, Alex Schlight has been promoted to partner.
Read MoreAI Lang Syne: A Lookback on 2023 and Considerations for 2024
By Alex Schlight & Jevan Hutson
2023 marked a significant shift in AI technology and ushered in a flood of laws and standards to help regulate it. In this article, we recap the major AI events of 2023, explore what may come in 2024, and provide some practical tips for responding to the challenges and opportunities that lie ahead.
Read MoreAdapting Privacy Programs for New Challenges: Your H1 2024 Roadmap
By Sam Castic
This past year has been a busy year for privacy leaders and professionals, and the pace of change underscores that reactive approaches to new laws, regulations, and enforcement actions are not effective ways to build or scale privacy programs. Laws and risks will continue to evolve, and strategically planning and evolving existing privacy programs may be the best way to keep them effective.
Read MoreHintze Global Privacy and Security Updates
Draft California Automated Decisionmaking Technologies Regulations to Be Revised Before Formal Rulemaking
On December 8, 2023, the CPPA met to discuss these and other proposals they are considering for formal rulemaking in 2024. The December 8th meeting produced lively discussions and ultimately concluded with a motion (which passed) to provide CPPA staff more time to solicit individual feedback from Board members to revise the current draft of ADMT and risk assessment regulations.
Read MoreEmerging trends in fintech privacy: 5 key areas to watch in 2024
By Amy Lanchester and Sam Castic
Over the past decade, financial technology companies have transformed how consumers think about banking and financial services with user-centric technologies and practices. The innovative products and services they offer are facing increased scrutiny from state and federal regulators.
Read MoreCalifornia Issues Discussion Draft of Regulations on Automated Decision-Making Technology Ahead of Board Meeting
On November 27, 2023, the California Privacy Protection Agency (“CPPA”) issued a discussion draft of regulations on automated decisionmaking technology (“Discussion Draft on ADT”) and amended regulations on risk assessments (“Discussion Draft on Risk Assessments”) (collectively, “the Discussion Drafts”). The Discussion Drafts include requirements related to (1) notice, (2) opt-outs, and (3) access rights, which are discussed below. Importantly, the CPPA has not initiated the formal rulemaking process and the Discussion Drafts are intended only to “facilitate Board discussion and public participation.” The CPPA’s announcement of these Discussion Drafts indicates that formal rulemaking will not begin until 2024, although the exact timing is still unknown.
Read More