We are pleased to provide you with our law firm partners newsletter for August, 2023. With Oregon joining the state privacy law patchwork, there are even more updates to Privacy Policies coming for next year (as well as the already-scheduled updates for this year). We also launched a new podcast – Privacy Lawls, which will discuss the latest in privacy as well as explore the history of privacy and many other privacy-related topics with some of the best known names in the field. Make sure to check it out and listen here: https://pod.link/1697952198. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field.
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- FTC fines BetterHelp $7.8 million over sharing data. The Federal Trade Commission has finalized an order that requires BetterHelp, an online therapy tool to stop sharing sensitive health data for the purpose of advertising. The order also requires BetterHelp to pay $7.8 million for using and disclosing customers’ email addresses, IP addresses and health questionnaire information to Facebook, Snapchat, Criteo and Pinterest for advertising purposes despite promising consumers that it would not do so. Learn more here.
- Norway’s DPA banning behavioral advertising by Instagram and Meta. The Data Protection Authority of Norway has banned Instagram and Meta from behavioral advertising, citing that the DPA believes that these practices are illegal. The DPA stated that Meta’s advertising practices affect freedom of expression and information in society and that the tracking is difficult for most people to understand. Learn more here.
- Report shows 15% increase in data breach costs. A recent analysis of 553 data breaches between March 2022 and March 2023 by IBM Security and the Ponemon Institute shows a 15% increase in the costs associated with a breach. The average cost of a data breach spiked to $4.45 million, with breach detection and escalation costs increasing by 42% during three years. Read more here.
- Instagram settles for $68.5 million over alleged BIPA violations. Instagram has recently settled a lawsuit over alleged violations of the Biometric Information Privacy Act, with a total settlement pool of $68.5 million. Residents of Illinois who used Instagram between August 10, 2015 and August 16, 2023 may be eligible to receive a portion of the settlement funds. Read more here.
- EU-US Data Privacy Framework finalized. The Framework for transferring data from the European Union has been finalized. The framework provides a number of safeguards regarding the access to data by US public authorities, limiting data access to what is necessary and proportionate to protect national security. In addition, EU individuals will have access to an independent and impartial redress mechanism regarding the collection and use of their data by US intelligence authorities. Read more here.
- Colorado Privacy Act enforcement begins. The Colorado Attorney General notified businesses that the Colorado Department of Law will begin enforcing the Colorado Privacy Act. The Attorney General stated that “enforcement is a critical tool to protect consumers’ data and privacy.” The Attorney General’s Office is planning on sending out letters to make businesses aware of the law and to help them comply. If the Office becomes aware that organizations are refusing to comply with the law, then enforcement actions will be taken. Learn more here.
- Proposal would ban government entities from purchasing private data. A proposed amendment to the U.S. National Defense Authorization Act would ban government entities from buying private data that would require a police warrant to seize. The proposal focuses on location data, internet search history and web browsing history. Read more here.
- The European Commission proposes rules to increase GDPR enforcement. The European Union is proposing procedural rules that would strengthen GDPR enforcement in cross-border cases. The proposal harmonizes requirements for cross-border complaints and streamlines the dispute resolution mechanism. The Commission stated that these changes would mean quicker remedies for consumers. Read more here.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
- Delaware – DE HB154
- Georgia – GA HB798;
- Hawaii – HI SB1110/HB1497;
- Hawaii – HI SB 974;
- Illinois – IL HB3385;
- Indiana – IN HB 1554;
- Iowa – IA House File 2506;
- Iowa – IA House Study Bill 12;
- Kentucky – KY S 15;
- Louisiana – LA SB199;
- Maine – ME SB807;
- Maine – ME HB1270;
- Maryland – MD HB807;
- Massachusetts – MA HD2281/SB745;
- Massachusetts – MA HD3263/SD1971;
- Mississippi – MS SB 2080;
- Minnesota – MN SF950;
- New Hampshire – NH SB255;
- New York – NY S2277;
- New York – NY SB365;
- New York – NY SB3162;
- New York – NY AB4374;
- New Jersey – NJ S 332;
- New Jersey – NJ A505;
- New Jersey – NJ A 1971;
- North Carolina – NC SB525;
- Oklahoma – OK HB1030;
- Pennsylvania – PA HB708;
- Pennsylvania – PA HB1201;
- Washington – WA HB1616;
- West Virginia – WV HB3453;
- Vermont – VT HB121
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: