The California Attorney General and Los Angeles City Attorney last week jointly settled an enforcement action against a mobile gaming company (“the Company”) for alleged violations of the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and the state’s Unfair Competition Law. The city and

On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other

Jena M. Valdetero, Co-Chair of the firm’s Data Privacy and Cybersecurity Practice, and Steven M. Malina, a member of GT’s Litigation Practice, were quoted in a Dark Reading article titled “Orgs Face Major SEC Penalties for Failing to Disclose Breaches.”

Click here to read the full article, published by Dark Reading

Greenberg Traurig Data Privacy & Cybersecurity attorneys Gretchen Ramos, Darren Abernethy, and Zachary Schapiro will present the CLE webinar, “U.S. Consumer Health Data Privacy Laws in 2024: Washington’s My Health My Data Act and Related State and Federal Developments,” Tuesday, Feb. 27, 2024. State legislatures and the Federal Trade Commission have begun

In this episode of Legal Food Talk, host Justin Prochnow welcomes colleague Tyler Thompson from GT’s Data Privacy and Cybersecurity team to discuss the responsibilities of companies to protect data. Tyler breaks down the overall regulation of data collection and the web of different state laws and regulations, making it more difficult for companies to

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects

Data is typically needed to train and fine-tune modern artificial intelligence (AI) models. AI can use data—including personal information—to recognize patterns and predict results.

The GDPR permits controllers to process personal information if one (or more) of the following six lawful processing purposes applies:[1]

  1. Consent. A company may process personal information if it collects

The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the notable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time or making predictions about a