On September 8, 2022, the Federal Trade Commission (FTC) held a virtual public forum on the agency’s release last month of an Advance Notice of Proposed Rulemaking (ANPR) to regulate the protection of consumers’ privacy and data security, which we covered in a prior Legal Update. In addition to allowing the public the opportunity

On August 11, 2022, the Federal Trade Commission (FTC) voted 3-2 on partisan lines to file an Advance Notice of Proposed Rulemaking (ANPR) that would regulate the protection of consumers’ privacy and data security in a rulemaking titled “Trade Regulation Rule on Commercial Surveillance and Data Security.”

The release of this ANPR—in the midst of

On May 19, 2022, the Federal Trade Commission (FTC) unanimously approved a policy statement on education technology (EdTech) and the Children’s Online Privacy Protection Act (COPPA). Characterized as part of a larger effort to “crack down on companies that illegally surveil children learning online,” the policy statement itself merely highlights pre-existing obligations under

Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

In furtherance of a 2018 request from the Aerospace Industry Association (“AIA”), the Wireless Telecommunications Bureau (“Bureau”) of the US Federal Communications Commission (“FCC”) has resumed its examination as to how best to license unmanned aircraft systems (“UAS”) or drones. On August 20, the Bureau released a Public Notice1 seeking updated public input on

Issued against the backdrop of recent high-profile cyber incidents, President Biden’s Executive Order on Improving the Nation’s Cybersecurity sets forth ambitious initiatives and aggressive timelines for strengthening the cybersecurity of the federal government and the companies with which it does business. Critically, it also seeks to shape cyber practices across the economy more broadly, including

President Biden issued the Executive Order on Improving the Nation’s Cybersecurity (“Cyber EO”) on May 12, 2021. The Cyber EO is ambitious in scope and sets aggressive timelines for its implementation. It seeks to both strengthen the cybersecurity of the federal government and push the private sector to further strengthen its approach to cybersecurity. Indeed,

Virginia has become the second state to enact a comprehensive consumer data privacy statute in the United States. Signed into law by Virginia Governor Ralph Northam on March 2, 2021, the Consumer Data Protection Act (“CDPA”) will take effect on January 1, 2023. While the CDPA shares some key components with the California Consumer Privacy

While most companies are squarely focused on the California Consumer Privacy Act (CCPA), 2019 has seen other major developments on data privacy and security. Several states have reacted to the CCPA by passing or pursuing their own security and privacy legislation, and others will likely follow. Namely, Nevada, New York, Maine and North Dakota have