Photo of Julia Jacobson

Julia Jacobson

In 2023, we analyzed the laws in Arkansas, Texas and Utah that require age verification and parental consent before allowing minors to create accounts on social media and other interactive platforms.  A similar law – Secure Online Child Interaction And Age Limitation (SOCIAL) Act – was passed in Louisiana, which has an in-force date of July 1, 2024.  Ohio legislators also enacted the Parental Notification by Social Media Operators Act (Ohio Act).  All of these laws have requirements that are similar to the proposed federal law titled Kids Online Safety Act” (KOSA), which we explain in a companion post).Continue Reading Protecting Kids Online – Part II

Protection for minors online continues to top the list of U.S. regulatory and legislative priorities in 2024. So far in 2024, legislators in California introduced several bills focused on minors; Congress held hearings and advanced federal legislation protecting minors online; and constitutional challenges to 2023 state laws focused on minors’ social networking accounts advanced in the Courts. Congress and the Federal Trade Commission (FTC) are looking to update the Children’s Online Privacy Protection Act and corresponding Rule, as detailed in another post. However, the proposals explained in this post extend far beyond online privacy concerns, and we believe more focus on minors’ online safety is on the way.Continue Reading Protecting Kids Online: Changes in California, Connecticut and Congress – Part I

Online privacy and safety of children and teens are hot legislative topics this year. In a companion post we provide an update of federal and state legislative efforts to fundamentally change how online content and advertising are delivered to children and teens. We have previously discussed legislation in California and Connecticut to require assessments of online privacy impacts on minors. In this post we focus on proposed regulatory and legislative changes to the 1998 Children’s Online Privacy Protection Act (COPPA) (effective in 2000) and its corresponding regulations (COPPA Rule), which were last updated in 2013.Continue Reading Federal Children’s Privacy Requirements to Be Updated and Expanded

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The first month of 2024 brought two new state privacy laws. On January 18, the New Hampshire legislature passed the 15th US state consumer privacy law (notably, still subject to some procedural requirements and signature by Governor Chris Sununu before it is officially law). The New Hampshire law was passed a few days after New Jersey’s new consumer privacy law (Approved P.L.2023, c.266) was signed into law on January 16. 

Both new state consumer privacy laws follow the now-familiar format, offering consumer privacy rights and requiring role-based data processing agreements, but with a few notable differences. A more detailed comparison follows.Continue Reading New Jersey and New Hampshire Pass Consumer Privacy Laws – and 11 Other States Are Considering Similar Laws

Most U.S. public companies are gearing up to prepare and file their annual reports (Forms 10-K) between February 29th and April 1st.  This year’s preparations will be busier because the Regulations on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (Cyber Risk Regulations) issued by the Securities and Exchange Commission’s (SEC) are now in force. Continue Reading FBI and DOJ Issue Guidance on SEC Incident Reporting Delay Requests

On Devil’s Night Day, two significant AI developments were announced. First, the White House’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (“AI EO”)Second, the Group of 7 (“G-7”) announced its International Guiding Principles on Artificial Intelligence (“G-7 Principles”) and companion Code of Conduct for AI Developers (“G-7 Code”). All are three broad strokes – the devil will be in the details. 

Following is a short summary of each but please check back soon for more analysis and key takeaways for businesses and their AI governance programs.Continue Reading Two Significant AI Announcements:  Spooky for AI Developers?

Mr. Philippe Latombe, a French member of Parliament, beat privacy activist Max Schrems to the punch! Despite Mr. Schrems’ many statements against the EU-US Data Privacy Framework (DPF), Mr. Latombe was the first to file a request in the EU’s General Court to seek the annulment of the DPF and, separately, an interim measure to suspend

The UK government has published its “adequacy decision” to allow transfers of personal data from the UK to U.S. businesses that have completed certification to the EU-U.S. Data Privacy Framework (DPF). The UK’s adequacy decision creates a “UK Extension” to the DPF that takes effect on October 12, 2023, a little more than three months after the EU’s adoption of DPF. (Please see our DPF FAQS for more information about DPA.)Continue Reading The UK Adequacy Decision for the EU-U.S. Data Privacy Framework

Since our July 13 post about the European Commission’s formal adoption of the EU-U.S. Data Privacy Framework (EU DPF), members of our Data Privacy, Cybersecurity & Digital Assets Practice have been hard at work helping clients prepare for and complete the certification process. We prepared for our readers answers to some of the most frequently asked questions we have received over the past few months.Continue Reading You have Questions, We have Answers: Data Privacy Framework FAQs