By Cameron Cantrell and Kate Black
On March 12, 2025, the Fourth Circuit Court of Appeals ruled that (1) the information blocking prohibition in the federal 21st Century Cures Act (“Cures Act”) was plausibly violated when an Electronic Health Record (EHR) provider blocked bot access to its systems without sufficient justification, and (2) this violation may support a Maryland state law unfair competition claim, despite the Cures Act not having its own private right of action. This decision notably appears to be the first Circuit Court decision concerning the information blocking prohibition and, for parties subject to the rule, raises the risk that information blocking may be enforceable through a de facto state privacy right of action.
Read MoreBy Felicity Slater and Kate Black
The Maryland Online Data Privacy Act (“MODPA” or the “Act”), which takes effect October 1, 2025, establishes a set of novel requirements that will have a particular impact for companies operating in the health and wellness sectors.
Read MoreHintze Law and its lawyers have once again been recognized in Chambers & Partners for expertise in Privacy and Data Security in the 2025 Chambers Global Guide. These recognitions include Hintze Law’s fifth year being ranked as an Elite Law Firm for Privacy and Data Security as well as the firm’s second year receiving recognition for Privacy and Data Security: Healthcare.
Read MoreBy Mike Hintze and Felicity Slater
Last year, we wrote about a proposed New York State law that would have significant impacts for entities that process health and wellness related data. That bill failed to pass before the 2024 legislative session ended. But today, in the early days of the 2025 session, the New York State legislature has passed Senate Bill S929 (SB S929), which is essentially unchanged from last year’s bill.
Read MoreBy Jennifer Ruehr
Many of us are returning to work this month with New Year’s resolutions, predictions, and lists top of mind, and top of inbox. As I turn back to work, I’m thinking ahead to how U.S. laws and regulations are going to impact my clients from a workforce perspective. Here’s what is top of mind for me right now:
Fair Credit Reporting Act
State law AI requirements
Biometrics in the workplace
Genetic data risk
Workplace monitoring
Read MoreBy Emily Litka
On December 18th, in response to a request from the Irish Supervisory Authority (“SA”), the European Data Protection Board (the “EDPB”) published an opinion (the “Opinion”) on the application of the GDPR to certain aspects of AI model development and deployment.
Read MoreWe are pleased to share that Hintze Law has been recognized for excellence in Information Technology Law and Technology Law in the 2025 edition Best Law Firms® rankings. The firm has been ranked in these areas both nationally and in the Seattle area.
Read MoreBy Emeka Egwuatu
Our latest snapshot of recent privacy law developments from around the world.
Read MoreBy Charlotte Lunday
On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. The VCDPA, which takes effect January 1, 2023, will look familiar to those who work with the GDPR and California’s Consumer Privacy Act and Privacy Rights Act (CCPA and CPRA, respectively). Companies that have already invested in GDPR and CCPA/CPRA compliance will find that most VCDPA obligations are similar to what they have already addressed in some form for Europe and California. But the new Virginia law also contains some novel provisions, such as excluding a broad range of “publicly available information” from the definition of personal data, contractual requirements for sharing de-identified data, and establishing an appeals process for data rights requests.
Read MoreBy Smriti Chandrashekar
On October 23, 2017, the U.S. Federal Trade Commission (“FTC”) issued guidance on the online collection of certain audio voice recordings from children under the age of 13. The guidance, in the form of an “enforcement policy statement” discusses the application of the Children’s Online Privacy Protection Act (“COPPA”) to such recordings.
Read MoreThe FTC has updated its Children's Online Privacy Protection Act (COPPA) FAQs providing new guidance regarding verifiable parental consent, including an alternative method of verification, clarifying ability of operators to use third parties to obtain consent; and the potential liability of those third parties consent providers.
Read More
