Call Us Today! 1.555.555.555 |

Hintze Law Global Privacy Law Updates

Here’s a round up of a few of the privacy developments we followed from the past couple of months between December 2021 and February 2022. If you missed our last post, you can find it here.

United States Privacy Updates:

Adtech: Companies continue to grapple with cookie-less future

  • Google abandoned its plans to replace its third-party marketing cookies with Federated Learning of Cohorts (“FLoC”) following pushback from privacy advocates.  In place of FLoC, Google has announced the “Topics API,” which will assign users interests—or topics—based of their web activity.  Topics will be selected and stored locally and will be reassigned each week.
  • The impact of Apple’s privacy changes in iOS14 became clearer following release of Q4 results in early 2022.  Meta estimated that the changes could result in a $10 billion drop in ad sales this year.

Standards: NIST publishes new assessment framework for security and privacy

Broadband: FCC approves Nutrition Labels for broadband services

FDA: Draft Guidance on Use of Real-World Data Released

FTC: New Guidance on FTC’s Health Breach Notification Rule

 FTC: COPPA Enforcement Against OpenX

  • The FTC required an online advertising platform OpenX Technologies, Inc. to pay $2 million to settle claims the company violated COPPA by allowing child-directed apps to participate in its ad exchange and collected geolocation data from users who had opted-out of such tracking.

U.S. States Privacy Updates:

Biometric Privacy: More States Introducing BIPA-Like Bills

  • Legislators in Kentucky introduced HB32, a BIPA copycat that includes a private right of action.
  • Similarly, legislators in Maryland introduced HB0259.  HB0259 would introduce new compliance obligations on companies as it diverges from the BIPA mold.

Comprehensive Data Privacy Bills Filed Across the Country

New state bills have been introduced in:

States File Suit Against Google

  • Attorneys general from Texas, Washington, D.C., and others filed suit against Google, claiming that the company obtained location information from users through dark patterns.  The suits are based on state consumer protection laws.

California: AG CCPA Enforcement Actions Continue While CPPA Preliminary Rulemaking Takes Shape

  • The California Privacy Protection Agency released comments submitted in response to the Agency’s September 2021 invitation for preliminary comments.
  • On Data Privacy Day 2022, California Attorney General Rob Bonta announced a new round of CCPA warning letters.  The sweep was focused on companies operating loyalty programs that implicated CCPA’s financial incentives requirements.
  • SB 746, if passed and signed by the Governor, would amend the CCPA and CPRA to require that business disclose to consumers whether personal information was used for political purposes and, if so, disclose how that information was used.

District of Columbia: Stop Discrimination by Algorithm Act Introduced

  • Attorney General Karl Racine introduced legislation that would increase transparency around automated decision-making and prohibit use of algorithms that produce discriminatory results in education, employment, housing, and services such as credit, health care, and insurance.

Pennsylvania: Expanded Data Breach Bill

  • The Pennsylvania Senate is considering SB696, which would extend breach notification rules to state agencies.

Virginia: Amendments Proposed to VCDPA

  • 7 amendments to the VCDPA are being considered in the Virginia Legislature.  The amendments touch on topics ranging from the right to delete to the definition of nonprofit.

Asia Privacy Updates:

China: Personal Information Protection Law Takes Effect

  • Following the November 1 implementation date for PIPL, the Ministry of Industry and Information Technology ordered Tencent to pause its roll-out of new apps and updates.

Europe Privacy Updates:

Google Analytics Decision: The Austrian DPA held that international transfers via Google Analytics Violated the GDPR

  • In the continuing saga of international transfers, the Austrian DPA held that an Austrian website violated the GDPR by maintaining Google Analytics on its site.  The parties relied on SCCs, but neither the SCCs nor other measures taken by Google overcame the risk posed by potential US government surveillance.  The DPA made clear that additional measures must be taken specifically to thwart US surveillance activities.  If this decision is followed across Europe and no replacement for Privacy Shield is agreed to, international transfers from the EU to the US will be severely hampered.

IAB Releases New Guides to Connected TV and In-App Advertising

  • The Guide to CTV Targeting and Measurement expands upon the industry group’s existing guidance on connected TVs, including its general guidance, a focus on programmatic opportunities, and a guide to brand safety.
  • The organization also released its new Guide to In-App Advertising, which focuses on an overview of the ecosystem and as well as the key changes taking place.

New Guidelines on Right of Access under GDPR

  • The European Data Protection Board released new guidance on the right of access.  The guidance expands upon the right by providing more information on considerations such as scope, information required to be provided, formatting of requests, and responses to manifestly unfounded or excessive requests.

Emerging Policies on Digital Rights and AI

New CNIL Guidance on Processor Use of Data

New UK Model Clauses Submitted to Parliament

Belgian DPA Issues Fine Against IAB Europe

Irish DPC Publishes Final Guidance on Children’s Privacy

Clearview AI Ordered to Stop Processing in France

  • CNIL ordered Clearview AI to stop collecting and using data from people within the French territory, citing Clearview AI’s lack of legal basis for its original collection of data.  CNIL also found that Clearview AI had failed to respect individuals’ subject access request rights.

Meta and Google Fined Over Cookie Practices

  • Facebook and Google were fined €60M and €150M respectively by CNIL for the companies’ methods for collecting cookie consents.  CNIL, acting under the ePrivacy Directive, said that the companies made accepting cookies easier than rejecting them.

Hintze Law PLLC is a Chambers-ranked, boutique privacy firm that provides counseling exclusively on global data protection. We support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy & data security.

Go to Top

Thanks you for your interest in having an expert consulation. Place provide the information below and we will be in touch with you shortly to schedule the consulation.

Please Fill All required fields to proceed..

Thank you for contacting us. We will be in touch with you soon.