Privacy and Data Protection News for April 2024

It has been a crazy month in privacy. Lots of stories, and several big events are coming up. So, let’s get into it!

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. New Hampshire passes privacy law. On March 7, 2024, the Governor of New Hampshire signed NH SB255, adding a new privacy law that establishes an expectation of privacy when using business websites. This privacy law provides privacy rights to residents of the State such as the right to obtain access to personal data, correct inaccuracies, delete personal data and opt out of certain uses of data such as sales or the use of data for targeted advertising. Learn more here. 
2. Florida man sues G.M. and LexisNexis over the sale of his car data. The lawsuit claims that the data broker LexisNexis shared information collected by the car’s systems with insurance companies without the car owner’s consent. Learn more here. 
3. Utah’s Governor signs HB174 establishing automatic renewal contract requirements. The Governor of Utah has signed a new law that delineates requirements for contracts for subscriptions that automatically renew. The law requires companies that offer such contracts to provide to customers the following information: the renewal date, the renewal cost and options to cancel the contract. If a trial period is offered, the business must disclose the following information to the consumer: the trial period offer expiration date, the price to be charged and options for canceling the contract. The law will go into effect on January 1, 2025. Learn more here.
4. UK ICO fines company £80,000 for spam call campaign. The fine stems from the company making 47,998 unsolicited calls to individuals on the Telephone Preference Service registry that have opted out of marketing calls. The company attempted to sell life insurance products to these individuals and allegedly would become insulting or aggressive during the calls and continued to harass individuals when they asked not to be contacted again. Read more here. 
5. DOT to review US airlines’ privacy practices. The U.S. Department of Transportation will study the privacy practices of the country’s top 10 airlines. The study will focus on how data is being collected, if appropriate security measures are implemented and whether airlines are illegally selling or sharing the information with third parties. Read more here. 
6. Quebec’s Data Protection Authority issues landlord data protection guidance. The DPA has released guidelines regarding personal information collected during the rental agreement process. The guidance provides information on how to verify the identity of a future tenant, how to verify the behavior of the future tenant and what information may be collected from tenants. Read more here. 
7. Collection of consumers’ birthdays may violate GDPR. Germany’s State Commissioner for Data Protection of Lower Saxony has stated that the date of birth of customers may not simply be requested as mandatory information when consumers are making purchases online. The guidance stems from a pharmacy that collected customer birth dates for purchases that did not include prescription medications. Learn more here.
8. Finland’s DPA fines online retailer for data retention issues. Finland’s Data Protection Authority has fined an online retailer €856,000 for violations of GDPR. The violations stem from alleged undefined data retention periods and requiring customers to make an account to purchase items online. Learn more here.
9. UK Parliament Committee to review EU-UK adequacy agreement. The UK House of Lords European Affairs COmmittee has launched a formal inquiry to review the data privacy adequacy agreement between the UK and the EU. The inquiry includes examining potential challenges to the existing regime and understanding the implications if the adequacy agreement was dissolved or disrupted. Read more here. 
10. CPPA releases 2024-2027 strategic plan. The strategic plan of the California Privacy Protection Agency outlines four major goals, strengthening public education, outreach and engagement, enforcing privacy laws, enhancing California privacy rights, and operational excellence. Read more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA HB798;
• Georgia – GA S473;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Hawaii – HI S 3018;
• Illinois – IL HB3385;
• Illinois – IL SB3517;
• Kentucky – KY S 15;
• Kentucky – HB24;
• Kentucky – HB15;
• Maine – ME SB807;
• Maine – ME HB1270;
• Maryland – MD HB 567 / SB 541
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Massachusetts – MA HD3245
• Michigan – MI SB659
• Minnesota – MN SF950;
• Minnesota – MN HB2309;
• Nebraska LB 1294;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• North Carolina – NC SB525;
• Oklahoma – OK HB1030;
• Pennsylvania – PA HB708;
• Pennsylvania – PA HB1201;
• Pennsylvania – PA HB1947;
• Vermont – VT HB121
• Vermont – VT SB 269
• Washington – WA HB1616;
• West Virginia – WV HB5112;

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. The Intersection of Privacy and Security – April 4, 2024;
2. AI Overview in Hungary – April 9, 2024;
3. Privacy by the Numbers – May 7, 2024;

If you’ve made it this far, you’re one of us (a privacy nerd). If you can’t get enough of talkin’ privacy, be sure to check out our podcast: Privacy Lawls. We bring on the biggest names in privacy to talk about the industry and where it’s headed.

See you next month!