Apple recently announced that beginning in spring 2024, developers of certain SDKs and apps that use those SDKs will be required to include a “Privacy Manifest,” which lists all tracking domains used in the relevant SDK or app. To determine whether this is relevant to your company, a list of SDKs that require a Privacy …
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors. The CIRCIA was originally enacted in part as a response to recent attacks on …
On 11 March the Council of the EU confirmed the provisional agreement reached on the Platform Workers Directive (the Directive). The Directive aims to improve the working conditions of those who work on platforms in the gig economy and will also regulate the use of algorithms by digital labour platforms. Employment protection: The EU suggests …
Dealing with cert pinning and root detection: The privacy area has been white-hot lately, including litigation and investigations involving VPPA; Wiretap/Pen Register/Trap and Trace; and Opt Out Compliance. Furthermore, with the HHS updates on tracking in the HIPAA context, and the new state privacy laws (such as the My Health My Data Act), we can …
On 1 March 2024, Singapore’s Personal Data Protection Commission (PDPC) issued the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (AI Advisory Guidelines). These AI Advisory Guidelines followed a public consultation which concluded in August 2023. Our blog post on the public consultation for the draft AI Advisory Guidelines …
On March 18, 2024, the US Department of Health and Human Services (HHS) issued an updated, 17-page Bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” (the Bulletin). Our readers may recall that HHS had originally issued the Bulletin in December of 2002, which we summarized here. HHS’ changes are generally clarifications …
On 7 March 2024, the European Court of Justice (the ECJ) published an important decision in relation to IAB Europe’s Transparency and Consent Framework (the TCF). The judgment of the ECJ is unsurprising given previous case law on the definitions of “personal data” and “controller” under the GDPR and the ECJ’s emphasis that the overarching …
Earlier this week the ICO launched a call for views on the “pay or okay” business model. By way of recap, this model gives users of online services the choice to either consent to personalised advertising using their data or to pay a fee to access an ad-free version of the service. In its blog …
Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the Federal Register. The AG has proposed several regulations, and has solicited public comments on over …
On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use bulk sensitive data in a variety of ways that could adversely affect U.S. national security, …