Google Play’s “data safety form” is now live. Developers can now submit the form for early review and feedback. Starting in April 2022, Google will require this label and a privacy policy for all new and existing apps. This is similar to Apple. Before, only apps that collected personal and sensitive user data needed to share a privacy policy in Google’s store.

Continue Reading Google’s Privacy “Data Safety” Form Is Now Available

New York recently enacted a law governing employee monitoring. The law applies to New York employers who monitor employees through electronic devices. This includes monitoring of telephone, emails, and internet access or usage. The law takes effect May 7, 2022.

Continue Reading New York Imposes New Requirements for Employee Monitoring

The Food and Drug Administration recently sought comments on the role of transparency for artificial intelligence and machine learning-enabled medical devices. The FDA invited comments in follow up to a recent workshop on the topic.

Continue Reading FDA Joins Other Regulators in Focus on AI and Machine Learning

The Office of the Australian Information Commissioner issued a determination earlier this fall about 7-Eleven’s use of “faceprints.” The OAIC found the convenience store improperly collected faceprint information without getting individuals’ consent in violation of the Privacy Act.

Continue Reading Australia Objects to 7-Eleven’s In-Store Use of Facial Recognition Technology

The SEC’s enforcement action with a leading seller of market data (App Annie Inc.) signals its concern with misleading data use representations. While the data at issue was not “personally identifiable” information, but instead corporate confidential information, the SEC’s concerns mirrored those that we have previously seen from that agency, as well as others, regarding representations made about personal information.

Continue Reading Implications of SEC’s Scrutiny of Data Use Representations

The Chinese agency charged with implementing and enforcing the new Personal Information Protection Law has issued draft measures for cross-border data transfers. Comments are due by November 28. As we detailed previously, the law requires that the Cyberspace Administration of China (CAC) conduct security assessments prior to certain information transfers out of China. Those situations included if the information transferred reached “significant” thresholds. Those thresholds have now been clarified in the draft.

Continue Reading China Draft PIPL Measures Outlines Thresholds for CAC Security Assessments

The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our sister blog, the new version of the program – “CMMC 2.0” – has several important differences from the original program. CMMC 2.0 is anticipated to go into effect anywhere from nine to 24 months from now.

Continue Reading Updates Announced to Department of Defense Cybersecurity Certification Program

The Federal Trade Commission recently issued a new enforcement policy statement about “dark patterns:” programs that attempt to “trap” consumers into service contracts. These programs usually take the form of negative option marketing programs, according to the FTC, and are regulated under most states’ laws as well as the Restore Online Shoppers Confidence Act (ROSCA).

Continue Reading FTC To Focus Enforcement Efforts on Dark Patterns

The FTC recently announced a final rule updating its GLBA Safeguards Rule to “strengthen the data security safeguards” of consumer financial information. The FTC reported that it was making these changes in response to widespread data breaches and cyberattacks.  As we reported in our sister blog, the changes will mean that a broad range of non-banking financial institutions may need to make updates to their data security policies and procedures. The new requirements go into effect in November 2022.

Continue Reading Non-Banking Institutions Will Want to Review Security Measures in Light of Update to Safeguards Rule

Apple has issued new guidelines for apps that let people create accounts. The guidelines will require these apps to give people a way to delete their accounts. This requirement is broader than CCPA and GDPR deletion rights, as it applies to all users (not just those from specific territories). The requirements go into effect for submissions starting January 31, 2022.

Continue Reading Apple To Require Ability to Delete Accounts In-App