Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
European Commission Approves the EU-US Data Privacy Framework
By Trisha Sircar
On July 10, the European Commission approved a new adequacy decision on the EU-US Data Privacy Framework. "On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards," as stated in a press release. The much-anticipated decision provides EU companies with an additional mechanism to legitimize their transatlantic data transfers. Read more about the adequacy decision and how it impacts the transfer of personal data from the EU to the US.
Federal Trade Commission Updates Endorsement Guides and Proposes New Rule on Consumer Reviews
By Kristin Achterhof, Christopher Cole, Jessica Kraver and Cynthia Martens
On June 29, the FTC released final revised Endorsement Guides, the first full-scale revision in 14 years that addresses best advertising practices and deceptive pitfalls. The updated Endorsement Guides reflect today's changed media landscape with at least 72 percent of US adults using social media sites, indicating that consumers of all ages regularly interact with advertisers across a variety of platforms. Read how the updated Guides will help advertisers ensure transparency across channels.
California Court Delays Enforcement of CPRA Until March 2024
By Trisha Sircar
The California Superior Court ruled on June 30 that the California Privacy Protection Agency (CPPA) cannot begin enforcement of the California Privacy Rights Act of 2020 until March 29, 2024. Enforcement of the regulations was otherwise slated to commence on July 1. The California Chamber of Commerce filed a lawsuit against the CPPA, arguing the CPPA broke its own law when it didn't pass regulations by July 1, 2022, and that businesses would not have as much time as the law allows for them to prepare. Read more on the recent court ruling and impending draft regulations.
SEC Sends Ominous Warning to CISOs and Cybersecurity Professionals With Wells Notice Concerning SolarWinds Breach
By Danette Edwards, Trisha Sircar and Caron Song
Information technology firm SolarWinds disclosed in its June 23 Form 8-K filing that "certain current and former executive officers and employees," including SolarWinds' Chief Financial Officer and Chief Information Security Officer (CISO), had received Wells Notices from the US Securities and Exchange Commission (SEC) in connection with the major 2020 SolarWinds cybersecurity breach. This is thought to be the first time that a CISO has received a Wells Notice. The notifications to the individuals are likely a harbinger of enhanced SEC scrutiny and greater legal risks for many cybersecurity professionals. Read more about the SolarWinds breach that prompted the Wells Notices.
ICYMI: Emerging Trends in Biometric Data Regulation and Litigation
Presented by Charles DeVore and Geoffrey Young
On July 13, Litigation partners Charles DeVore and Geoffrey Young presented the "Emerging Trends in Biometric Data Regulation and Litigation" webinar. The speakers discussed the rising tide of biometric regulation and litigation as the penalties for companies' missteps regarding the collection and use of biometric information continue to grow in today's changing regulatory landscape.
