Data Privacy & Cybersecurity

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects

Data is typically needed to train and fine-tune modern artificial intelligence (AI) models. AI can use data—including personal information—to recognize patterns and predict results.

The GDPR permits controllers to process personal information if one (or more) of the following six lawful processing purposes applies:[1]

  1. Consent. A company may process personal information if it collects

Join Greenberg Traurig attorneys and in-house counsel Sept. 20, 2023, for a day of CLE panels and lectures focused on the latest risks companies should focus on. Each session will present practical guidance on cutting-edge issues to help counsel materially reduce risk right now, while discussing what’s next. This in-person summit will address a

Most modern U.S. state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information that is available on the internet

Most modern U.S. data privacy statutes require companies to allow data subjects to opt out of having their personal information (PI) used for targeted advertising. As the following chart indicates, the term “targeted advertising” is defined consistently between and among most state statutes with the notable exception of the California Consumer Privacy Act (CCPA) and

The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the notable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time or making predictions about a

In September 2021, Quebec’s Parliament passed Law 25 (formerly Bill 64), which significantly overhauled the Act Respecting the Protection of Personal Information in the Private Sector. Law 25 imposes several new obligations on enterprises that do business in Quebec, and those obligations have periodically gone into effect since the enactment of Law 25.
