Inside Privacy

Updates on developments in data privacy and cybersecurity

On May 9, 2024, the Italian data protection authority (“Garante”) published a decision identifying the safeguards that controllers must put in place when processing health data for medical research purposes, in cases where data subjects’ consent cannot be obtained for ethical or organizational reasons.

The Garante’s decision follows a recent legislative development, enacted by Law

The French Public Health Code requires that certain service providers hosting health data hold a specific “HDS” certification.  In order to obtain this certification, providers must comply with the requirements set out in the “HDS” certification standard.  On May 16, 2024, France officially published an updated version of this “HDS” certification standard.

  • Key Changes
  • The

    Last month, the Federal Trade Commission (“FTC”) announced its enforcement action against telehealth firm, Cerebral, Inc. (“Cerebral”), for its alleged unauthorized disclosures of consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes in violation of the FTC Act.  The complaint also alleges that Cerebral violated the Opioid Addiction Recovery

    Yesterday, both houses of Illinois’ legislature passed S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The bill states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection, in violation of BIPA’s notice

    On April 26, 2024, the Office for Civil Rights (“OCR”) at the U.S. Department of Health & Human Services (“HHS”) published a final rule that modifies the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act (“HIPAA”) regarding protected health information (“PHI”) concerning reproductive health. We

    In 2020, Illinois residents whose photos were included in the Diversity in Faces dataset brought a series of lawsuits against multiple technology companies, including IBM, Facefirst, Microsoft, Amazon, and Google alleging violations of Illinois’ Biometric Information Privacy Act.[1] In the years since, the cases against IBM and FaceFirst were dismissed at the agreement of

    On April 24, 2024, President Biden signed into law H.R. 815, which includes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“the Act”), a bill that passed the House 414-0 as H.R. 7520 on March 20.  The Act is one of several recent actions by the U.S. government to regulate transfers of