Privacy & Cybersecurity in Canada, the US and the EU
This is a monthly bulletin published by the National Privacy and Cybersecurity team at Fasken. The information contained herein includes noteworthy news, topics, discussions and cases in the privacy & cybersecurity landscape. If you have any questions about any of the topics discussed, please reach out to our friendly Fasken Privacy and Cybersecurity team.
Canada
Federal Privacy Commissioner Launches Investigation Into Ticketmaster Breach
On July 31, 2024, the Privacy Commissioner of Canada announced that it has launched an investigation into Ticketmaster Canada following the alleged cybersecurity incident that impacted millions of consumers worldwide. The investigation will examine Ticketmaster’s privacy practices and security safeguards to determine if they complied with breach notification requirements.
United States
Rhode Island Passes a Consumer Privacy Act
On June 25, 2024, Rhode Island passed the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA). The Act will take effect on January 1, 2026. This law follows a similar format to other US consumer privacy laws, but with some differences. Organizations doing business in Rhode Island should take note of the law prior to its effective date to familiarize themselves with any additional compliance obligations.
Senate Passes Kids Online Safety Act and COPPA 2.0
On July 27, 2024, the Senate, by an overwhelming majority, passed a pair of children’s online safety bills, including the Kids Online Safety Act and Children and Teens Online Privacy Protection Act (COPPA 2.0). These bills are labelled as the most significant action the US Congress has taken to regulate social media’s impact on children and teens. The House is yet to decide on the bill, but President Biden has encouraged the House to send the legislation to his desk ‘without delay’. Any online platforms that impact children and teens in the US should keep an eye on the progress of these bills.
New York Attorney General Publishes Guidance on Website Privacy Controls
In July 2024, the New York Attorney General published a guide for businesses on website privacy controls, focusing on technologies used to track individual browsers, such as cookies, pixels and tags. Although New York has not implemented a state consumer privacy law like California and other states, the Attorney General takes the position that a business’s privacy practices and notices are still subject to consumer protection laws. The guide provides some useful tips for any businesses looking to strengthen their website notices and use of cookies.
Minnesota Passes Consumer Privacy Laws
The Minnesota governor passed the Consumer Data Privacy Act on May 24, 2024, joining the six other states that passed consumer privacy laws in 2024. The law takes effect on July 31, 2025, and applies to organizations that conduct business in the state of Minnesota. Businesses have time to prepare for compliance with the law before it comes into effect.
Europe
European Artificial Intelligence Act Takes Effect
On August 1, 2024, the European Artificial Intelligence Act entered into force. It aims to ensure trustworthy AI in the EU and protects fundamental rights. The Act seeks to harmonize the EU's AI market, encouraging innovation and investment. Member states have until August 2, 2025, to designate authorities to enforce the rules. Most rules apply from August 2, 2026, but prohibitions on high-risk AI start after six months, and rules for general-purpose AI models after 12 months.
In Case You Missed It!
The Fasken Privacy and Cybersecurity group published the following articles recently, that might be of interest.
