Johanna Skrzypczyk – Debevoise Data Blog

Consent

What the GDPR Can Tell Us About State Privacy Laws

By: Johanna Skrzypczyk, Robert Maddox and Martha Hirst November 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. Recently, a number of U.S.…

Announcement

Webcast: NYDFS New Draft Amendments to Part 500 Cybersecurity Rules

By: Eric Dinallo, Avi Gesser, Erez Liebermann, Caroline Novogrod Swett and Johanna Skrzypczyk November 15, 2022

On Friday, November 18, 2022 at 10:30AM ET, Eric Dinallo, Avi Gesser, Erez Liebermann, Caroline Novogrod Swett, and Johanna Skrzypczyk participated in a webcast examining the new draft amendments to…

Cybersecurity

NYDFS Publishes Official Amendments to Its Cybersecurity Regulation

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Caroline Novogrod Swett, Johanna Skrzypczyk and Mengyi Xu November 10, 2022

On November 9, 2022, the New York Department of Financial Services (“NYDFS”) announced the publication of the official proposed amendments to its 2017 Cybersecurity Regulation 23 NYCRR 500 (“Proposed Amendments”).…

Privacy

Dark Patterns: What Are They and How Can Companies Avoid Regulatory Scrutiny?

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts and Melissa Muse October 12, 2022

There has been significant regulatory attention recently to “dark patterns,” including FTC guidance, state privacy laws, and state and federal enforcement actions. Some of this activity involves new regulations, and…

Enforcement

Lessons from the SEC’s Most Recent Reg S-P Action

By: Avi Gesser, Kristin Snyder, Erez Liebermann, Charu Chandrasekhar, Johanna Skrzypczyk and Scott M. Caravello October 6, 2022

On September 20, 2022, the SEC announced settled charges and the imposition of a $35 million penalty against a dually registered investment adviser and broker-dealer (the “Firm”) for violations of Regulation…

Artificial Intelligence

FTC Proposed Rulemaking Part 4 — Reducing Risks Associated with Artificial Intelligence

By: Avi Gesser, Erez Liebermann, Paul D. Rubin, Johanna Skrzypczyk, Anna Gressel, Michael R. Roberts, Melissa Muse and Melissa Runsten September 29, 2022

As we wrote in previous posts, on August 11, 2022, the Federal Trade Commission (the “FTC”) announced its Advance Notice of Proposed Rulemaking (the “ANPR”) seeking public comment on 95 questions focused on harms…

Privacy

California’s Age-Appropriate Design Code Act Expands Businesses’ Privacy Obligations Regarding Minors

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Michael Bloom, Martha Hirst and Alessandra G. Masciandaro September 19, 2022

On September 15, 2022, California Governor Gavin Newsom signed into law the bipartisan AB 2273, known as the California Age-Appropriate Design Code Act (“California Design Code”). The California Design Code…

CCPA

CCPA Enforcement Actions Take Aim at Sales of Personal Information

By: Avi Gesser, Johanna Skrzypczyk and Michael R. Roberts September 14, 2022

On August 24, 2022, the California Attorney General announced updates to its California Consumer Privacy Act’s (“CCPA”) enforcement case examples. A large number of the examples focused on compliance with…

CCPA

CCPA Will Cover Employee and B2B Data — Amendments Fail to Pass

By: Avi Gesser, Tricia Bozyk Sherno, Johanna Skrzypczyk and Michael R. Roberts September 2, 2022

On August 31, 2022, the legislative session in California came to a close without any amendments that would further extend—or make permanent—existing limited exemptions under the California Consumer Privacy Act…

FTC

The FTC’s Proposed Rulemaking Part 3 — Key Data Security Takeaways

By: Avi Gesser, Erez Liebermann, Paul D. Rubin, Johanna Skrzypczyk, Michael R. Roberts, Melissa Runsten and Anna Gressel August 29, 2022

As we noted in previous posts, on August 11, 2022, the Federal Trade Commission (“FTC”) announced its Advance Notice of Proposed Rulemaking (“ANPR”) seeking public comment on 95 questions focused…