DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
Cross-Border Data and Transfers
Cross-border data transfers are a flashpoint in global privacy law, particularly between the EU and U.S. Mechanisms like the EU-U.S. Data Privacy Framework and Standard Contractual Clauses face ongoing scrutiny by courts and regulators as global corporate operations must sync with divergent national regulatory environments. This legal uncertainty has pushed companies to adopt more rigorous transfer impact assessments and contractual safeguards. This page tracks regulatory developments, enforcement actions, and emerging requirements for international data flows.
Though many digital health apps and online platforms fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA), courts and regulators are using other tools to expand enforcement against them when they share sensitive health data without consent, said Sheppard Mullin lawyers in a blog post.
Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.
Brazil ensures a level of data protection comparable to the EU's and merits an adequacy decision to allow cross-border data flows, the European Commission said Friday.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.
Congress should amend the Gramm-Leach-Bliley Act and preempt all state privacy laws from regulating financial services, the Mortgage Bankers Association (MBA) said in comments to the House Financial Services Committee.
As the next deadline nears for DOJ’s bulk data transfer rule, “businesses must continue to take proactive steps to understand and implement the rule’s complex compliance requirements,” said Benesch privacy and tech attorneys in a blog post Friday.
Checking data flows and technologies on the back end to make certain that consumer opt-out requests are honored is a crucial step in compliance, Kelley Drye privacy lawyers said Thursday during the firm's webinar on opt-out compliance.
Colorado's proposed draft amendment on kids' privacy in a rulemaking for implementing changes to the Colorado Privacy Act reflect the ongoing trend of states expanding privacy protections for their constituents beyond federal law, said Morgan Lewis lawyers in a blog post Tuesday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.