Healthcare and Privacy News

on September 3, 2025 at 10:13 am

In a 2-1 ruling, the U.S. Court of Appeals for the District of Columbia reinstated Federal Trade Commissioner Rebecca Kelly Slaughter to her position after she was removed by the Trump administration, The New York Times reports. The panel of judges noted the administration terminated Slaughter without cause rather than the required threshold of “inefficiency, neglect of duty, or malfeasance in office.” The judges wrote the administration’s attempts to block Slaughter from reassuming her position had “no prospect of success.”Full story

on September 3, 2025 at 10:06 am

A potential threat to the EU-U.S. Data Privacy Framework was turned back by the European General Court, which dismissed a challenge to key aspects of the data transfer agreement. The decision brings stability and reassurance to trans-Atlantic data flows, but U.S. developments concerning the DPF and broader EU-U.S. relations could factor in to a potential appeal. IAPP News Editor Joe Duball has the details.Full story

on September 3, 2025 at 9:44 am

The U.S. District Court for the District of Columbia ruled in Google’s search antitrust lawsuit that the company must share some search data with rival companies, but stopped short of imposing major penalties on the company, such as requiring it to sell off its Chrome browser, The New York Times reports. Meanwhile, closing arguments were made in a USD30 billion U.S. class-action lawsuit, in which plaintiffs alleged Google continued to track their browsing activity after they opted out of app tracking, Courthouse News Service reports.Full story

on September 3, 2025 at 9:42 am

The U.S. Federal Trade Commission announced Disney agreed to pay a USD10 million settlement to resolve claims the company violated the Children’s Online Privacy Protection Act by allowing nonconsensual collection of children’s personal data when they viewed “kid-directed” videos on YouTube. Under the proposed settlement order, Disney will be required to change how it labels children-specific content. A Disney spokesperson told the IAPP the settlement “does not involve Disney owned and operated digital platforms but rather is limited to the distribution of some of our content on YouTube’s platform.”Full story

on September 3, 2025 at 9:40 am

Baptista Luz Advogados Partner Fernando Bousso, CIPP/E, CIPM, CDPO/BR, FIP, and Associate Attorney Matheus Botsman Kasputis analyze a bill passed by Brazil’s Senate to create safeguards for children in digital environments. Bousso and Kasputis outline what the law would entail, including scope and notable requirements, and what sanctions could be imposed if it is enacted.Full story

on September 3, 2025 at 9:12 am

A group of U.S. Senate Republicans are asking Meta CEO Mark Zuckerberg to explain how his company uses its products to target teenagers based on their emotional state and alleged violations of the Children’s Online Privacy Protection Act. The letter requested Meta show it is complying with the law, what safeguards it has to protect teenagers from bullying or providing personal information to adults and other protective measures.Full story

on September 3, 2025 at 9:11 am

Israel’s Privacy Protection Authority is seeking public comment on draft regulations determining when the agency can issue a warning in lieu of a financial sanction when there is a violation of the Protection of Privacy Law. The regulations are part of a greater overhaul of the country’s privacy framework.Full story

on September 3, 2025 at 9:04 am

The potential effect of a U.S. age verification law similar to the U.K. Online Safety Act has raised concerns about free speech and individuals’ ability to remain anonymous online, Rolling Stone reports. Electronic Frontier Foundation Legal Fellow Molly Buckley said, despite warnings to not share personal information online, children’s privacy regulations are “trying to protect kids by asking them to share their face and ID, and possibly their parents’ faces and credit cards, to the biggest tech companies out there.”Full story

on September 3, 2025 at 9:02 am

Denmark’s Western High Court fined furniture company ILVA DKK1.5 million for alleged EU General Data Protection Regulation violations after Denmark’s data protection authority, Datatilsynet, launched an investigation into the company’s data protection standards. Datatilsynet Director Cristina Angela Gulisano said the court’s decision is important “because it establishes that management’s knowledge of actual circumstances — about processing that is in breach of data protection rules — makes it an intentional violation of the rules.”Full story

on September 3, 2025 at 9:00 am

The U.K. Information Commissioner’s Office launched a consultation to obtain feedback on its proposed framework for complaint handling and determining appropriate enforcement actions. The framework aims to help the ICO determine how it should investigate certain complaints and streamline appropriate enforcement measures for organizations. Stakeholders can provide feedback on the framework until 31 Oct. Full story

on September 2, 2025 at 9:50 am

Euractiv reports European Commission Executive Vice President for Tech Sovereignty, Security and Democracy Henna Virkkunen sent an open letter to U.S. Rep. Jim Jordan, R-Ohio, defending EU digital regulations, such as the Digital Services Act and the Digital Markets Act. Jordan scheduled a 3 Sept. House Committee of the Judiciary hearing focused on claims that the DMA and the DSA unfairly target U.S.-based technology companies. In her letter, Virkkunen said the DMA and DSA were “sovereign legislation” of the EU.Full story

on September 2, 2025 at 9:40 am

Australia’s government released its final report on its age assurance technology trial. The report reviewed more than 60 technologies from 48 vendors and found them to be effective at preventing children from accessing harmful content online. The report breaks the potential identity solutions down to three main categories: age verification, age estimation and age inference. Editor’s note: IAPP Staff Writer Alex LaCasse explored approaches to age assurance in Australia and other jurisdictions.Full story

on September 2, 2025 at 9:39 am

The U.K. Information Commissioner’s Office finalized guidance on encryption under the U.K. General Data Protection Regulation. The guidance includes definitions on encryption and data protection, how to store encrypted data and how to securely transfer it. It also offers explanations for how to implement encryption and scenarios that require its application.Full story

on September 2, 2025 at 9:35 am

Denmark’s data protection agency, Datatilsynet, broke down its annual report on personal data breach statistics to include more granular detail on incidents in the public sector and unintended events. The agency also gave the option for the report’s raw data to be downloaded.Full story

on September 2, 2025 at 9:30 am

Oregon Attorney General Dan Rayfield released a report looking at his office’s first year of action under the Oregon Consumer Privacy Act, which took effect last July. The office fielded 214 complaints, most of which focused on online data brokers and challenges around getting requested data deleted. The report spurred reminders to covered entities to honor consumer requests for a list of third parties holding an individual’s data and consider “back end” data that needs to be included in copy or deletion requests.Full story