The DPSA Blog

  • On April 18, 2024, Legislative Bill 1074 for the Data Privacy Act was approved by the Governor of Nebraska. In particular, the Act lays down consumer rights, controller and processor obligations, and grants the Nebraska Attorney General power to enforce the provisions of the Act. ...

  • On April 11, 2024, Legislative Bill 1074 for the Data Privacy Act passed its final reading in the Nebraska State Legislature and was signed by the President/Speaker of the Legislature on the same date. This follows the bill's introduction on January 9, 2024. ...

  • On April 2, 2024, the California Privacy Protection Agency's (CPPA) Enforcement Division published enforcement advisory No. 2024-01 titled 'Applying Data Minimization to Consumer Requests.' The enforcement advisory addresses data minimization as a foundational principle of the California Consumer P...

  • On April 2, 2024, the California Privacy Protection Agency's (CPPA) Enforcement Division published enforcement advisory No. 2024-01 titled 'Applying Data Minimization to Consumer Requests.' The enforcement advisory addresses data minimization as a foundational principle of the California Consumer P...

  • On March 21, 2024, Jamaica’s Prime Minister, Andrew Holness, in his 2024 Budget Debate speech, indicted that Jamaica’s Data Protection Act is a key element in the rollout of Jamaica’s national ID program. “A functional Data Protection Act and operational body is a prerequisite for the rollout of th...

  • On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation ...

  • On February 28, 2024, the European Data Protection Board (EDPB) launched its 2024 coordinated enforcement action, which will focus on the right of access. In particular, the EDPB explained that in order to gauge how organizations are complying with the right of access....

  • The cybersecurity framework was originally aimed at critical infrastructure organizations, but it has been widely used and widely recommended and NIST highlighted that CSF 2.0 is designed to help all organizations reduce risks, regardless of sector, size, or level of security sophistication. ...

  • The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that...

  • The California Attorney General (AG), Rob Bonta, announced, on February 21, 2024, that they had reached a $375,000 settlement with DoorDash, Inc. (DoorDash), in relation to allegations that the company violated the California Consumer Privacy Act (CCPA) and California Online Privacy Protection Act (...

  • US Privacy Law Updates Nebraska: Legislative Bill 308 which concerns an Act to adopt the Genetic Information Privacy Act passed the final reading in the Nebraska State Legislature and was presented to the Governor of Nebraska for signature. Virginia: House Bill 707 to amend Consumer Data Protectio...

  • On February 9, 2024, the Third Appellate District of California vacated a trial court’s decision that held that enforcement of the California Privacy Protection Agency’s (CPPA) regulations could not commence until one year after the finalized date of the regulations.  As DPSA previously reported, th...

  • In a shocking turn of events, a Superior Court for the County of Sacramento issued a ruling on June 30, 2023, enjoining the enforcement of the California Privacy Protection Agency’s (the “Agency’s”) California Privacy Rights Act (CPRA) modifications to the California Consumer Privacy Act (CCPA) regu...

  • The Dutch Data Protection Authority (AP) is imposing a fine of €10 million on Uber Technologies, Inc. and Uber B.V. (‘Uber’). The fine is in response to the company's failure to disclose the full details of its retention periods for data concerning European drivers, or to name the non-European count...

  • UK ICO warns organizations to proactively make advertising cookies compliant after positive response to November call to action...

  • On January 23, 2024, the French data protection authority (CNIL) published Decision No. SAN-2023-021, as issued on December 27, 2023, in which it imposed a fine of €32 million on Amazon France for violation of the General Data Protection Regulation (GDPR) following an investigation....