Hintze Law, PLLC is delighted to announce that, effective September 2024, Taylor Widawski has been promoted to partner!
Read MoreCongrats to Taylor Widawski for Promotion to Partner
FTC Introduces Novel Ban in Its Settlement with NGL Labs and Scrutinizes AI Representations
By Emily Litka
On July 9, 2024, The Federal Trade Commission (FTC) and the Los Angeles District Attorney’s Office (LA DA) reached a settlement with NGL Labs, the maker of the “NGL: ask me anything” app and its co-founders. The complaint alleged violations of the Federal Trade Commission Act (FTC Act), the Children’s Online Privacy Protection Act (COPPA), the Restore Online Shoppers’ Confidence Act (ROSCA), and similar California state laws. In the complaint, the FTC and LA DA also brought claims against NGL’s cofounders individually.
Read More
Susan and Mike Hintze Recognized in 2025’s Best Lawyers in America
Hintze Law PLLC is delighted to announce that Susan Hintze, Managing Partner, and Mike Hintze, Member Partner, have been recognized by Best Lawyers®.
Susan has been recognized in The Best Lawyers in America® 2025 edition in the practice areas of Advertising Law and Information Technology Law.
Read MoreEmily Litka Joins Hintze Law as a Senior Associate
Hintze Law PLLC is thrilled to announce that Emily Litka has joined the firm as part of our growing team of talented AI, privacy, and cybersecurity attorneys.
Read More
Alex Schlight and Taylor Widawski Recognized as Super Lawyers Rising Stars
We’re happy to announce that Alex Schlight and Taylor Widawski have both been recognized by Super Lawyers as Rising Stars in the Technology Transactions practice areas! Alex and Taylor both specialize in data privacy, data security, and artificial intelligence legal counseling, including in technology transactions for clients.
Read MoreThe Federal Trade Commission’s Revised Health Breach Notification Rule to Take Effect
In one month’s time, on July 29, 2024, the Federal Trade Commission’s (“FTC”) revised Health Breach Notification Rule (“HBNR”) will take effect. The rule obliges regulated entities to disclose breaches of personally identifying health information to consumers, the FTC, and, in some cases, the press. The revisions establish that a broad range of entities operating in the consumer health and wellness space are covered by the rule, and that unauthorized disclosures of personally identifying health information, along with data breaches as traditionally conceived of, trigger the rule’s notification obligations. Violators risk substantial fines.
Read MoreRegulator Insights into the HIPAA Privacy Rule to Support Reproductive Health Privacy
By Cameron Cantrell and Sheila Sokolowski
On Thursday, June 20, 2024, the Department of Health and Human Services’ Office of Civil Rights and Office of Health Information Technology (collectively, “HHS”) jointly presented a webinar on the HIPAA Privacy Rule to Support Reproductive Health Privacy (the “Reproductive Health Privacy Rule” or “Rule”). HHS published the final Reproductive Health Privacy Rule on April 26, 2024, and provided the webinar as part of building out the agency’s guidance on the Rule’s novel requirements.
Read MoreNew CCPA Enforcement Action: Lessons for Tracking Technologies and Child Users
By Cameron Cantrell and Sam Castic
This week the California Attorney General and Los Angeles City Attorney announced a proposed $500,000 settlement to a complaint against mobile app game developer and publisher Tilting Point Media LLC for alleged violations of the California Consumer Privacy Act (“CCPA”), unfair competition law, and federal Children’s Online Privacy Protection Act (“COPPA”). This post summarizes the alleged practices that led to the enforcement action, how it fits with regulatory enforcement priorities including on data sales via tracking technologies and children’s privacy, and steps for companies to consider to reduce risk.
Read MoreHintze Law is the Only Boutique to Make 2024 Legal 500 Cyber Law Rankings
Hintze Law has been recognized as a ranked firm in The Legal 500 2024 US Cyber Law rankings, including for data privacy and data protection. Hintze Law is the only boutique law firm that is ranked in this category for 2024, and we are grateful to our clients for the references and support they provided to make this recognition possible.
Read MoreNew York legislature advances New York Child Data Protection Act
By Sam Castic, Clara De Abreu E Souza, and Charlotte Lunday
On June 7, 2024, the New York legislature passed the New York Child Data Protection Act (S.B. S7695B). Governor Hochul Once celebrated its passage in a recent press release and is expected to sign the Act. Once signed, it will go into effect one year later.
Read MoreHintze Law and Attorneys Recognized in Chambers USA Guide 2024 Rankings
We’re pleased to share that Hintze Law and attorneys at the firm have been recognized once again by Chambers & Partners for expertise in a number of Privacy and Data Security areas in the 2024 Chambers USA Guide. These recognitions include Hintze Law’s fourth year being ranked as an Elite Law Firm for Privacy and Data Security – USA Nationwide. One of Hintze Law’s clients that Chambers interviewed shared that "Hintze's team has unique experience that allows them to dig into complex issues and provide practical, actionable advice."
Read MoreNew York Legislature Considers Dramatically Restrictive Health Data Privacy Bill
By Mike Hintze and Felicity Slater
With just six days left in the state’s 2024 legislative session, the New York Legislature is considering a health data privacy bill that would dramatically impact companies that handle data related to health or wellness. Companies and other organizations should watch this bill carefully and understand its highly disruptive and costly implications should it pass the legislature and be signed by the governor.
Read MoreHintze Global Privacy and Security Updates
Hintze Law continuously tracks privacy and security updates around the world to bring you a regular update of the latest developments. Below is a snapshot of updates from the last month.
Read MoreWashington My Health My Data Act - Part 10: The Purchase of Medication
By Mike Hintze
Last week, the Washington State Office of the Attorney General (OAG) updated its guidance on the Washington My Health My Data Act (MHMDA). Specifically, the OAG added an eighth question and answer addressing whether information about a consumer purchasing non-prescription medication would be considered “consumer health data” subject to the law.
This post explains the shortcomings of this new guidance. And in doing so, it takes a long overdue deep dive into how MHMDA treats personal information related to prescription and over-the-counter medications. It concludes that while this guidance may provide some comfort to entities regulated under MHMDA that process information about the purchase of non-prescription medications like aspirin or vitamins, it is only part of a bigger picture that should be considered along with the statutory text and other factors in determining an appropriately risk-based approach to complaince with this challenging law.
Read MoreHintze Global Privacy and Security Updates
EDPB Adopts Opinion on the Validity of the “Consent or Pay” Model for Behavioral Advertisement
By Destiny Ginn
On April 17, 2024, The European Data Protection Board (‘EDPB’) issued an opinion on whether “consent or pay” models used by large online platform services are valid consent mechanisms under the GDPR. The EDPB stated, “In most cases, it will not be possible for large online platforms to comply with requirements for valid consent if they confront users only with a binary choice between consenting to the processing of personal data for behavioral advertising purposes and paying a fee.” If adopted, this opinion would ultimately change how valid legitimate consent is obtained by large and possibly small businesses.
Read MoreMaryland Legislature Advances Age Appropriate Design Code to Governor’s Desk
On April 6th, the Maryland Legislature passed the Maryland Age-Appropriate Design Code (“MD AADC”), sending the bill to Governor Moore’s desk. If signed, the MD AADC would take effect on October 1, 2024, with data protection impact assessments required by April 1, 2026.
Read MoreAssessing 'necessity' under state health privacy laws
By Felicity Slater and Kate Black in partnership with Future of Privacy Forum’s Jordan Wrigley, and Niharika Vattikonda
Washington state's My Health My Data Act and Nevada's Senate Bill 370 took effect 31 March, prompting entities that collect "consumer health data," as broadly defined by these laws, to assess their data collection, use and sharing through a novel lens. A unique requirement born out of these laws requires that entities analyze which elements of their health data collection, use and sharing are "necessary" to provide products or services requested by their consumers.
Read MoreHintze Global Privacy and Security Updates
HHS OCR Updates Guidance on Tracking Technologies
On March 18, 2024, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) revised its guidance on the "Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates."
Read More