U.S. District Court for the Northern District of Georgia Judge Thomas Thrash Jr. granted a lawsuit against WebMD class-action status after the company allegedly violated the Video Privacy Protection Act, MediaPost reports. The lawsuit claimed WebMD shared user's video-viewing data with Meta without obtaining consumers' consent.Full story
The California Privacy Protection Agency Board will discuss the proposed Delete Request and Opt-Out Platform regulations during its 7 March meeting. The proposed DROP regulations were previously advanced during the CPPA's November board meeting and aim to develop a secure system for data deletion and opt-out requests.Full story
The Transatlantic Privacy Perceptions Panel launched a survey regarding emerging considerations in the professions of privacy, AI governance and data governance. The group aims use results to inform public and private-sector stakeholders as well as policymakers on notable trends cropping up across sectors.Full story
The U.S. District Court for the Southern District of New York dismissed a proposed class-action lawsuit after the court found a website's collection of IP addresses via pen register does not violate the California Invasion of Privacy Act. IAPP Staff Writer Lexie White reports on how the lawsuit's dismissal could reshape the growing trend of pen register litigation under the CIPA.Full story
The European Commission introduced its Cybersecurity Crisis Management blueprint that aims to increase coordinated efforts in the event of a cyber incident. European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy Henna Virkkunen said the framework is a "crucial step forward in reinforcing our collective cyber resilience."Full story
Israel's Privacy Protection Authority published guidelines for the use of privacy-enhancing technologies. The guide offers an overview for data protection officers and legal advisors handling privacy matters of emerging trends in PETs and provides examples of how to integrate them in processes, systems and projects.Full story
Ireland's Data Protection Commission sent its draft decision regarding a 2021 EU General Data Protection Regulation inquiry into TikTok to fellow EU data protection authorities 21 Feb., under its GDPR Article 60 obligations. The inquiry examined if TikTok transferred EU citizens' personal data to China and if the company complied with transparency requirements.
The U.S. District Court for the Southern District of New York blocked the U.S. Department of Government Efficiency from accessing the Department of the Treasury's payment systems until a resolution is reached on a state attorneys general lawsuit regarding the access, The New York Times reports.
U.S. President Donald Trump directed the Office of the U.S. Trade Representative to restart digital service tax investigations opened during Trump's first term, and open new investigations into countries' digital taxes that "discriminate against U.S. companies," Reuters reports. The White House emphasized EU scrutiny over its treatment of U.S.
Amid rulemaking for the U.S. Cyber Incident Reporting for Critical Infrastructure Act of 2022, McDermott Will & Emery Privacy and Cybersecurity Senior Associate Katelyn Ringrose, CIPP/E, CIPP/US, CIPM, FIP, Data Security and Privacy Partner Stephen Reynolds, CIPP/US, and White-Collar Crime and Cybersecurity Partner Sagar Ravi write the more covered organizations prepare now, the better positioned they will be to meet the 72-hour cyber incident and 24-hour ransomware payment reporting requirements.