Spanish data protection authority, AEPD, imposes 10 Million EUR fine on a company, AENA for deploying a facial recognition system without an adequate DPIA. What does this mean for companies subject to US laws?
The decision clarified that the data protection impact assessment (DPIA) lacked key required components like the…
Continue Reading 10 Million EUR Fine Demonstrates Scope of Effort Needed for DPIAsA new draft Federal Executive Order released yesterday says: Maybe.
While the EU is busy…
Continue Reading Big Beautiful AI Bill: Is the US State AI law ban back on the horizon?EU Regulator Cookie Sweep Shows Importance of Website Tracking Compliance in the EU and US
New enforcement sweep on cookie banners, conducted by Netherlands privacy regulator, shows both EU and…
Continue Reading EU Regulator Cookie Sweep Shows Importance of Website Tracking Compliance in the EU and USState AG’s Ramping Up Enforcement of Student Data Privacy with new Landmark Settlement
The Attorney’s General of Connecticut, California and New York reached a $5.1 million settlement with…
Continue Reading State AG’s Ramping Up Enforcement of Student Data Privacy with new Landmark SettlementSubscribe to Privacy Compliance & Data Security
The Latest
New bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act…
Continue Reading HIPAA, but for non-Covered Entities?Philippines Data Protection Authority: Biometric Data Is Not for Sale: Lessons for U.S. Privacy Law
The Philippines’ National Privacy Commission (NPC) has directed Tools for Humanity (Worldcoin) to stop processing biometric data, emphasizing that biometric information is not a commodity for trade.
“Biometric data is…
Continue Reading Philippines Data Protection Authority: Biometric Data Is Not for Sale: Lessons for U.S. Privacy LawA Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a…
Continue Reading “Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail contextThe U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is in effect. That includes, as of Oct. 6, 2025, the requirements on due diligence and compliance.
What does this…
Continue Reading The Sensitive Data Bulk Transfer Rule: What You Need to KnowThe California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan.
These are…
Continue Reading CPPA Issues $1.35 Million Fine: What You Need to KnowThe European Data Protection Supervisor (EDPS) recently issued a TechDispatch on Automated Decision Making.
Here is what you need to know:
Part 1: 12 Myths About Automated Decision-Making (ADM) Systems…
Continue Reading Effective Human Oversight of Automated Decision-Making SystemsThe European Data Protection Supervisor (EDPS) recently issued a TechDispatch on Automated Decision Making.
Here is what you need to know:
Part 1: 12 Myths About Automated Decision-Making (ADM) Systems…
Continue Reading 12 Myths About Automated Decision-Making Systems, per the EDPSThe California Privacy Protection Agency recently published materials in advance of its upcoming discussion of the Delete Act Regulations, which regulate the centralized data broker Delete Request and Opt-out Platform…
Continue Reading What the CPPA Has to Say About the Delete Act and the DROPWhat California Employers Need to Know About the Use of High-Risk Automated Decision Systems
California may soon regulate the use of high-risk automated decision systems (ADS) by California employers. The state’s legislature recently sent SB-7 to Governor Gavin Newsom.
What do you need to…
Continue Reading What California Employers Need to Know About the Use of High-Risk Automated Decision SystemsAbout this Blog
There is a complex web of federal and state statutes and regulations that govern the gathering, use, and retention of private information. Yet many companies and institutions often have only a vague understanding of their rights, obligations, and potential liability. Fox Rothschild attorneys have the necessary experience to address investigations, claims, and lawsuits alleging violations in the privacy arena.