.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
Until the U.S. government passes a federal data privacy law, I expect I’ll have to write several more newsletter introductions like this one:
Two more U.S. states have passed their own data privacy laws!
New Jersey and New Hampshire have become the 13th and 14th states to pass their own privacy laws, although New Hampshire’s law has yet to officially receive the governor’s signature as of this writing. With that, we’re welcoming the NJDPA and SB 225 to the family (once New Hampshire’s law is enacted I’m sure they’ll give it a snappier name like the NHCPA or NHPIA or something along those lines).
We’ve included links to write-ups on both laws in this week’s newsletter, but keep an eye out for our own Osano summaries in the near future. And for those of you wondering why we’re calling these the 13th and 14th state laws respectively rather than the 14th and the 15th—Florida’s data privacy law is targeted to very large enterprises only, so it’s something of a different beast compared to the other state privacy laws. For that reason, we and others typically exclude it from the count of comprehensive state data privacy laws.
Stay tuned!
Arlo
P.S. Have you reserved your seat for our upcoming webinar on CPRA enforcement? The CPRA is finally fully enforceable as of March 29, 2024, so we’re hosting a webinar to clear up any lingering uncertainties around your compliance responsibilities. The webinar takes place next week, Thursday, February 1st @ 1 pm EST, 10 am PST. Reserve your seat here!
.png?width=800&height=450&name=Legalweek%20CTA%20(2).png)
Top Privacy Stories of the Week
New Hampshire Legislature Passes Comprehensive Data Privacy Law
Recently, the New Hampshire state legislature passed Senate Bill 255, nearly making the state the 14th to enact a comprehensive data privacy law. The bill still requires enrollment and action thereafter from Gov. Chris Sununu. Following enactment, SB 255 will take effect 1 Jan. 2025.
New Jersey Becomes 13th State to Enact a Comprehensive State Privacy Law
On January 16, 2024, Governor Phil Murphy signed into law Bill 332, making New Jersey the 13th state with a comprehensive state privacy law. The law is set to take effect in January 2025. Hunton Privacy Blog provides more details on the new law.
EU, U.S. Near Deal on Police Access to Online Data
Despite longstanding concerns over privacy and civil rights, a new agreement may soon give EU police access to personal data from U.S.-based digital platforms. Currently, EU police must go through U.S. authorities to gain digital information from these platforms under a 2010 mutual legal assistance treaty, but law enforcement agencies have complained that the process takes too long (~10 months on average). The new deal would rapidly expedite this process, but privacy advocates worry that some European countries with a poor track record on the rule of law could misuse the new powers in ways that limit freedom of speech or political opinion.
Amazon Fined For 'Excessive' Surveillance of Workers
France's data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), recently fined Amazon France Logistique 32 million euros for allegedly over-surveilling its warehouse employees and keeping data of their actions for longer than was deemed necessary. In a statement to the BBC, the company said CNIL's findings were "factually incorrect" and that its practices are part of an "industry standard.”
Global Data Protection Authorities Plan Dark Patterns Investigation
The Global Privacy Enforcement Network will conduct an investigation of websites with deceptive design models, or so-called dark patterns. The sites will be judged based on the clarity of their texts and the design of their interfaces to see if they are influencing users to make harmful choices with their personal data. (Source in Italian).
Osano Blog: 9 Dark Pattern Examples to Look Out For
What exactly is a “dark pattern” anyhow? How do you know whether you’ve accidentally committed an act of deceptive design? In this blog, we discuss nine, evidence-based dark patterns that are especially relevant when it comes to data privacy and consent.
If you’re interested in working at Osano, check out our Careers page!