Privacy News for February 2024

We’ve had some exciting privacy news this month, including the passage of New Jersey’s privacy law on January 16th. In addition, we have recorded a new episode of Privacy Lawls that discusses Data Privacy Week with Lisa Plaggemeier (Executive Director of the National Cybersecurity Alliance). You can check out the episode and learn more about Data Privacy Week here. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field!

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. New Jersey passes privacy law. On January 16, 2024, the Governor of New Jersey signed NJ SB 332, passing a comprehensive privacy law. The law will go into effect on January 16, 2025 and will provide privacy rights to residents of New Jersey and will require companies that need to comply with the law to provide a comprehensive and up to date Privacy Policy with certain disclosures. Read our Compliance Guide here. 
2. Amazon fined for employee surveillance privacy violations. France’s Data Protection Authority, CNIL, has fined Amazon 32 million euros for allegedly over-surveilling its warehouse employees and keeping data for longer than was deemed necessary. Amazon’s employees were equipped with a scanner which recorded the execution of their tasks and CNIL found that such surveillance was excessive. Learn more here. 
3. United Kingdom’s Information Commissioner’s Office fines two companies 250,000 GBP. The company Poxell was fined 150,000 GBP for allegedly making more than 2.6 million marketing calls without consumer consent. Skean Homes was fined 100,000 GBP for allegedly making over 60,000 unsolicited marketing calls. Learn more here. 
4. European Commission upholds adequacy decisions. The European Commission has published a report reviewing 11 of the 16 data adequacy decisions. The report found that Andorra, Argenta, Canada, the Faroe Islands, Guernsey, The Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay all satisfy equivalency to the EU’s General Data Protection Regulation and that data transfers to these countries from the EU may continue. Read more here. 
5. Denmark’s Data Protection Authority lists priorities for 2024. The list of priorities for 2024 for the authority include the use of AI, monitoring of employees, data subject rights, online and physical shopping, municipal web archives, private schools and more. Read more here. 
6. Yahoo fined 100 million Euros for cookie consent violations. France’s Data Protection Authority, CNIL, has fined Yahoo over 10 million Euros for alleged violations of the ePrivacy Directive. CNIL found that Yahoo placed over 20 cookies on a user’s device without their consent and made it difficult to withdraw consent. Read more here.
7. 26 billion record leak. Security researchers have found a database that contains approximately 26 billion records that were leaked.  Records include information from users of Twitter, Dropbox, LinkedIn, Adobe, Canva, Telegram and more. Learn more here. 
8. California Privacy Protection Agency launches privacy information website. The CCPA has launched a new website that is a resource hub for residents of the State to learn more about their privacy rights and how they can protect their privacy. The website also includes information resources for businesses. Visit the website here.
9. General Data Protection Regulation Fines and Data Breach Survey Results published. DLA Piper has released its annual report on the GDPR. The survey found that EU authorities have issued 1.78 billion Euros in fines since January 2023, which is a 14% increase from 2022. Learn more here.
10. California Attorney General issues privacy law violation notices to streaming services. The Attorney General of California has announced that his office is issuing noncompliance notices to streaming service providers, alleging violations of CCPA/CPRA. The letters state that noncompliance stems from failure to offer users easy opt-out mechanisms for the sale of their personal information. Read more here.   

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog. 

• Georgia – GA HB798;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Hawaii – HI S 3018;
• Illinois – IL HB3385;
• Kentucky – KY S 15;
• Kentucky – HB24;
• Maine – ME SB807;
• Maine – ME HB1270;
• Maryland – MD HB 567 / SB 541
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Massachusetts – MA HD3245
• Michigan – MI SB659
• Minnesota – MN SF950;
• Nebraska LB 1294;
• New Hampshire – NH SB255;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• North Carolina – NC SB525;
• Oklahoma – OK HB1030;
• Pennsylvania – PA HB708;
• Pennsylvania – PA HB1201;
• Pennsylvania – PA HB1947;
• Vermont – VT HB121
• Vermont – VT SB 269
• Washington – WA HB1616;
• West Virginia – WV HB5112;

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. TIPS Cybersecurity Data Privacy Conference – March 14, 2024 to March 15, 2024.
2. Explore SciTech: A Virtual Fireside Chat with the ePrivacy Law Committee – March 19, 2024; 
3. Cloud/Privacy/AI: Trends and Legal Implications: March 14, 2024. 

That’s it, you’re all caught up on the news to kick off your February! Looking for more information? Check out the Termageddon blog.