On September 15, 2022, California Governor Gavin Newsom signed into law the bipartisan AB 2273, known as the California Age-Appropriate Design Code Act (“California Design Code”). The California Design Code aims to protect children online by imposing heightened obligations on any business that provides an online product, service, or feature “likely to be accessed by children.” Governor Newsom stated that…

On Thursday, September 22, at 10:00 AM ET, Debevoise’s Avi Gesser will teach the FiscalNote Executive Institute’s CLE class, “Ethical Use of AI and the Emerging Legal Landscape.”  Avi will be joined by Debevoise’s Anna Gressel, as well as Deepa Kairen, Associate General Counsel of AIG’s Innovation Legal Group. More information on the FiscalNote Executive Institute’s CLE class can be…

On August 24, 2022, the California Attorney General announced updates to its California Consumer Privacy Act’s (“CCPA”) enforcement case examples. A large number of the examples focused on compliance with the CCPA’s requirements for “sales” of personal information, including the obligation that businesses honor consumers’ use of a Global Privacy Control (“GPC”) opt-out signals. In a similar vein, the California…

Russia has enacted amendments to its Personal Data Law (the “Amendments”) that may have a significant impact on companies operating in Russia. The Amendments became effective on September 1, 2022, save for certain provisions that will become effective on March 1, 2023. This blog post addresses key aspects of the Amendments that impact multinational companies: (i) expanded extraterritorial effect; (ii) enhanced cross-border…

On August 31, 2022, the legislative session in California came to a close without any amendments that would further extend—or make permanent—existing limited exemptions under the California Consumer Privacy Act (the “CCPA”) for personal information collected from California individuals in context of recruitment and employment (“HR”) or business-to-business (“B2B”) arrangements. Unlike other state privacy laws, some of which exclude individuals…

As we noted in previous posts, on August 11, 2022, the Federal Trade Commission (“FTC”) announced its Advance Notice of Proposed Rulemaking (“ANPR”) seeking public comment on 95 questions focused on harms stemming from “commercial surveillance and lax data security practices” and whether new trade regulation rules under section 18 of the FTC Act are needed to protect people’s privacy…

On 18 July 2022, the UK government published the Data Protection and Digital Information Bill (the “Bill”), which proposes reforms to the UK’s data protection and e-privacy landscape in-line with the National Data Strategy. All companies that conduct business in the UK – whether on the ground or remotely – could be affected by the changes given the regime’s extraterritorial…

On August 11, 2022, the Federal Trade Commission (the “FTC”) announced its Advance Notice of Proposed Rulemaking (the “ANPR”) seeking public comment on 95 questions focused on harms stemming from “commercial surveillance and lax data security practices” and whether new trade regulation rules under section 18 of the FTC Act are needed to protect people’s privacy and information. In Part…

On August 11, 2022, the Federal Trade Commission (“FTC”) announced its Advance Notice of Proposed Rulemaking (“ANPR”) seeking public comment on 95 questions focused on purported harms stemming from “commercial surveillance and lax data security practices.” The ANPR also invites views as to whether new trade regulation rules under Section 18 of the FTC Act, or other regulatory alternatives, are…

On Wednesday, August 17, 2022, at 11:00 AM Eastern, Debevoise’s Avi Gesser and Anna Gressel joined Nicolette Nowak from Beamery to discuss New York City’s Automated Employment Decision Tool Law (“AEDT”), other similar laws and regulations, and what AI application providers can do to best assist their customers’ compliance efforts. More information on Beamery’s webcast, “Impending AI Regulatory Changes in…