The Personal Data Protection (Amendment) Bill 2024 (“PDPB”) was at last passed by the Malaysian Parliament at the end of July. After Royal Assent and publishing, it will become law (on a date to be determined by the Minister of Digital to be specified in the Gazette). The PDPB introduced several changes intended to better align Malaysia’s 2010 Personal Data Protection Act with global standards.
Continue Reading Malaysian Parliament Passes Personal Data Protection (Amendment) Bill 2024Illinois Legislative Update: BIPA Reform Bill Reducing Damages Approved by Illinois House, Awaiting Governor’s Signature

This blog post was cross-posted from Seyfarth’s Consumer Class Defense site.
In a significant legislative development, the Illinois House of Representatives has overwhelmingly approved Senate Bill 2979, with a vote of 81 to 30, which amends the Illinois Biometric Information Privacy Act (BIPA) to limit damages to one violation per individual, rather than each instance their biometric information is captured, collected, disclosed, redisclosed, or otherwise disseminated. The bill also amended the definition of “written release” to include an electronic signature.
Last month, we reported on the Illinois Senate’s passage of the bill by a vote of 46 to 13. This legislative move is a direct response to the Illinois Supreme Court’s 2023 decision in Cothron v. White Castle. The Court ruled that under BIPA, a claim accrues each time an individual’s biometric information is captured or collected. This decision highlighted the urgent need for legislative clarity, as White Castle argued that it could face damages exceeding $17 billion if each of its employee’s time clock scans were found to recklessly or intentionally violate BIPA. Recognizing the potential for such devastating liability, the Court called on the Illinois legislature to act.
In its original form, BIPA stated that an individual may be entitled to $1,000 or actual damages for each negligent violation, or $5,000 or actual damages for each reckless or intentional violation. The newly passed bill amends Sections 15(b) and 15(d) of BIPA to state that an “aggrieved person is entitled to, at most, one recovery under this Section.”
Having cleared both legislative chambers, the bill is now headed to Governor Pritzker for his signature.
If you have any questions about how this BIPA amendment may impact your business practices, please do not hesitate to contact your trusted Seyfarth Shaw advisor.
Practical Insights from China on the Newly Issued Provisions on Cross-Border Data Transfer
On March 22, 2024, following nearly six months after the publication of the Provisions on Promoting and Regulating Cross-border Data Flows (Draft for Solicitation of Comments), the Cyberspace Administration of China (“CAC”) officially released the Provisions on Promoting and Regulating Cross-border Data Flows (“the Provisions”), which came into immediate effect. In accordance with the Provisions, CAC has also issued the “Guidelines for Data Export Security Assessment Declaration (Second Edition)” and the “Guidelines for Filing Standard Contracts for Personal Information Export (Second Edition).”
Continue Reading Practical Insights from China on the Newly Issued Provisions on Cross-Border Data TransferUpcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity
Address
Seyfarth Shaw Hong Kong Office
Suite 3701 & 3708-3710, 37F
Edinburgh Tower, The Landmark
15 Queen’s Road Central
Central, Hong Kong
Tuesday, 21 May 2024 (HKT)
8.30 – 9.00 a.m. Check-in and Breakfast
9.00 – 10.00 a.m. Roundtable
10.00 – 10.30 a.m. Refreshments
Breakfast will remain available during the roundtable
Cost
There is no cost to attend, but registration is required.
About the Programme
In recent years, privacy and cybersecurity consistently hit the top of legal leaders’ lists of their biggest concerns. In fact, a recent Association of Corporate Counsel Chief Legal Officers Survey found that, when rating a list of items on their importance to the business, CLOs placed cybersecurity, regulation and compliance issues, and data privacy as the top three most critical issues for the business.
Continue Reading Upcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and CybersecurityHHS Strengthens HIPAA Rules to Protect Reproductive Health Privacy
Seyfarth Synopsis: This past Monday, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) issued its final rule aimed at strengthening the HIPAA Privacy rules as they are applied to reproductive health data.
On the heels of the release of the 2022 US Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, the Biden Administration directed the Federal agencies to examine what they could do to protect women’s health and privacy. Shortly thereafter, HHS released guidance under HIPAA related to reproductive health care services under a health plan, focusing on information required to be disclosed by law, for law enforcement purposes, and to avert a serious threat to health or safety (see our earlier Alert here). Then, in April 2023, HHS issued proposed modifications to the HIPAA Privacy Rule aimed at these concerns. A year later, the agency finalized those rules on April 22, 2024 – the Final Rule.
Continue Reading HHS Strengthens HIPAA Rules to Protect Reproductive Health PrivacyUpcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
Tuesday, May 28
1:00 p.m. to 2:00 p.m. Eastern
12:00 p.m. to 1:00 p.m. Central
11:00 a.m. to 12:00 p.m. Mountain
10:00 a.m. to 11:00 a.m. Pacific
About the Program
In today’s ever-evolving and interconnected world, trade secret protection demands proactive measures against both technological vulnerabilities and human threats. Join us for the fourth installment of our 2024 Trade Secrets Webinar Series, where our panel of seasoned trade secrets and cybersecurity attorneys will equip you with practical strategies to bolster your defenses.
Continue Reading Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital AgeSurprising Plot Twist: The European Data Protection Supervisor Reprimands the European Union for its use of Microsoft 365
The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and collaboration. For years, there has been debate about how platforms like Microsoft 365, formerly Office 365, could be deployed in a way that complies with the GDPR processing and transfer restrictions. And it turns out that even the European Commission (EC) itself can apparently get it wrong. In a surprising turn of events earlier this month, the European Data Protection Supervisor (EDPS) concluded its nearly three year investigation into the Commission’s own deployment and use of Microsoft 365, signaling a pivotal moment in the conversation about the GDPR privacy and security requirements for cloud-based messaging and document collaboration platforms.
Continue Reading Surprising Plot Twist: The European Data Protection Supervisor Reprimands the European Union for its use of Microsoft 365Privacy In Focus: BIPA’s Current Landscape and the Crucial Role of Statutory Exemptions

This blog is cross-posted on the Consumer Class Actions blog site as well.
Throughout much of 2023, businesses found themselves in a challenging position as they continued to grapple with defending against Illinois Biometric Information Privacy (BIPA) class action lawsuits. The year began on a somber note with the Illinois Supreme Court delivering unfavorable decisions on two pivotal threshold matters. However, rays of hope emerged when the same court issued two favorable decisions, one affirming union preemption, and another concerning medical exemptions under BIPA. These welcomed developments provided a reprieve for businesses contending with the longstanding challenges posed by the statute. As we navigate the complexities of BIPA, it becomes crucial for businesses to recognize and consider the various exemptions embedded within the legislation—many of which have proven effective in legal defenses over the past few years.
Continue Reading Privacy In Focus: BIPA’s Current Landscape and the Crucial Role of Statutory ExemptionsIs the Video Privacy Protection Act Losing its Allure?
This blog has been cross-posted on the Consumer Class Defense site.
Anyone following trends in consumer class action litigation will know that consumer privacy was a primary focus of the plaintiff’s bar in 2023. And there are no signs this uptick in consumer privacy claims is slowing any time soon. Although the claims center around use of tracking technology or analytics functions on consumer facing websites, several different statutes and claims have been asserted, including violations of state wiretap statutes and the Video Privacy Protection Act (“VPPA”).
Although these cases are largely at the motion to dismiss stage, and therefore there is little insight into how certain key defenses will play out, some recent decisions surrounding VPPA claims have shifted the landscape in certain defendant’s favor.
Continue Reading Is the Video Privacy Protection Act Losing its Allure?Wellness Apps and Privacy
Employers looking to enhance their suite of employee benefit programs, and focused on lessons learned during the pandemic on wellbeing, are interested in providing greater access to wellness tools. And, the vendors who support those tools are more than happy to provide them. Global spend in the health and wellness market would be around $24.8 billion in 2023 according to a study by Kilo Health. Wellness apps and wearables abound in all sorts of areas — from counting steps to nutrition to mental health to physical fitness to financial fitness. These tools are relatively inexpensive to provide and easily accessible to the workforce – many times with just a simple download to a smartphone. And, best of all they’re completely private with no middle man, and only the employee seeing their own data and progress. Right? Well — not so fast.
Continue Reading Wellness Apps and Privacy