Both emerging and established companies turn to Brad to assist with data privacy law matters ranging from compliance and risk mitigation to data breaches, including U.S. and international compliance issues; privacy program development, implementation, and maintenance; due diligence, privacy impact assessments, and vendor management; and breach/incident response.

Keypoint: The Minnesota bill contains several unique requirements and provisions, including a novel right to question the result of a profiling decision, privacy policy provisions that increase interoperability with existing state laws, and new privacy program requirements such as a requirement for controllers to maintain a data inventory.

On May 19, the Minnesota legislature passed the Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782). The bill, which is sponsored by Representative Steve Elkins, was passed as Article 5 of a larger omnibus bill. The bill next moves to Governor Tim Walz for consideration.

The Minnesota bill largely tracks the Washington Privacy Act model but with some significant and unique variations. For example, the bill creates a novel right to question the result of a profiling decision and have a controller provide additional information regarding that decision. It also contains privacy policy requirements that are intended to increase interoperability with other state consumer data privacy laws. Further, the bill contains provisions requiring controllers to maintain a data inventory and document and maintain a description of policies and procedures the controller has adopted to comply with the bill’s provisions. We discuss those requirements and provisions, along with others, in the below article.

As with prior bills, we have added the Minnesota bill to our chart providing a detailed comparison of laws enacted to date. Continue Reading Minnesota Legislature Passes Consumer Data Privacy Act

Keypoint: The European Parliament voted to approve the EU’s Artificial Intelligence Act and it will enter force 20 days after publication in the EU Official Journal.

On March 13, 2024, the European Parliament voted to approve the European Union’s Artificial Intelligence Act (commonly referred to as the EU AI Act). The vote, originally scheduled for April of 2024, was moved up by one month after all relevant parties reached agreement on the text of the Act. Following this final vote, the EU AI Act will “enter into force” 20 days after publication in the EU Official Journal, which typically occurs within a few days of an affirmative vote and starts the relevant compliance timelines within the EU AI Act.Continue Reading EU Parliament Approves EU AI Act

Key Point: The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework, which allows certain businesses to transfer data from the EU to the U.S. without the need for additional transfer mechanisms. 

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“Privacy Framework”). This decision declared that United States companies that self-certify under the Privacy Framework will be deemed to provide an adequate level of data protection, which removes the requirement for those companies to implement additional safeguards when transferring data from the EU to the U.S. These safeguard requirements have been standard for decades but have been most recently required under the General Data Protection Regulation (“GDPR”).Continue Reading Adoption of EU/U.S. Data Privacy Framework

Keypoint: The AI Act is the first legislation of its kind and is expected to have a significant impact on companies globally.

The European Parliament recently voted in favor of the Artificial Intelligence Act (“AI Act”) with overwhelming majority. Once finalized, the AI Act will have widespread impact for entities using artificial intelligence (“AI”) in their business operations. Similar to the European Union’s (“EU”) General Data Protection Regulation, the AI Act will apply extraterritorially to providers placing on the market or putting into service AI systems in the EU, irrespective of whether those providers are established in the EU or in a third country.

The AI Act is dense and expansive. For entities looking for an introduction to the topic, below we provide a brief overview of the current legislation, as well as what you can expect procedurally as the AI Act progresses toward final passage.Continue Reading An Introduction to the EU AI Act