Much like the state privacy legislation that have come before it, the Maryland Online Data Privacy Act of 2024 (MODPA) includes its own unique provisions that will add additional complexities to an organization's compliance efforts and data use strategy.
International firms, particularly those big Tech firms with operations in major markets such as China, EU and the US, are facing an increasingly challenging task in the evolving data security and personal information protection regulatory environment.
Aimed at restricting the flow of sensitive American data to "countries of concern" like China and Russia, this new executive order, signed by President Biden in February, has been framed by some as a step toward safeguarding the personal data of U.S. citizens from foreign threats.
A new report gave almost half of the 14 states that have laws on the books a failing grade and notes that industry lobbying influence on state data privacy laws has been very strong. California is the only state with a model that was not originally drafted by a big tech outfit.
As more states pass not just comprehensive privacy laws, but narrow legislation that focuses on children’s privacy, data brokers, and hopefully, the emerging trend of privacy-for-profit, the pressure to find solutions that support compliance, while saving resources in an unsettled market, is only going to grow.
In addition to five new state privacy laws, 2024 is expected to bring not only an amplified number of cyberattacks but also increasingly sophisticated attacks, including using emerging technologies such as artificial intelligence (AI), in what is a quickly and continuously evolving threat landscape.
The FTC’s new COPPA amendments would bolster children's privacy by further restricting how companies can collect, use and monetize the data of underage users, shifting a greater deal of responsibility for privacy online to service providers.
Washington’s My Health My Data Act (“MHMDA”) broad scope and definitions will undoubtedly expand its reach to data not normally considered health data and businesses who do not traditionally consider themselves to be health care providers or to be collecting consumer health data.
Approaching privacy and data protection with ethics beyond regulations means assessing its potential to harm people and society, generate negative behavior, or reflect discriminatory patterns. This needs to extend not only to data management but also to account security and transactions.
A press release from the Department of Science, Innovation and Technology (DSIT) framed the new UK GDPR draft as a "common sense" reduction of "pointless paperwork" that would save billions of dollars annually.