Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
Key Highlights of India's Draft Digital Personal Data Protection Rules, 2025
By Trisha Sircar and Catherine O'Brien
On January 3, India's Ministry of Electronics and Information Technology (MeitY) released the Draft Digital Personal Data Protection Rules, 2025 (Draft Rules), for public comment. The primary aim of these Draft Rules is to operationalize the 2023 Digital Personal Data Protection Act (the Act) and ensure robust protection and privacy of personal data in the digital realm. Read more about the most notable provisions of the Draft Rules.
CFPB Issues Order for Financial Data Exchange to Issue Standards under CFPB's Personal Financial Data Rights Rule
By Trisha Sircar
On January 8, the Consumer Financial Protection Bureau (CFPB) issued an order recognizing Financial Data Exchange, Inc. (FDX) as a standard-setting body under the CFPB's Personal Financial Data Rights rule. The order of recognition is the first to be issued under the rule. The Personal Financial Data Rights rule, released in October 2024, requires financial institutions, credit card issuers and other financial providers to unlock an individual's personal financial data and transfer it to another provider at the consumer's request for free. The CFPB established a formal application process outlining the qualifications to become a recognized industry standard-setting body, which can issue standards that companies can use to help them comply with the CFPB's rules. The CFPB also issued updated procedures for companies seeking special regulatory treatment, such as through "no-action letters." Read more about FDX and the qualifications it needed to demonstrate to become a recognized industry standard-setting body.
FTC Finalizes Changes to Children's Privacy Rule
By Trisha Sircar
On January 16, the Federal Trade Commission (FTC) issued a press release confirming that it has finalized changes to the Children's Online Privacy Protection Rule (COPPA Rule). These changes will set new requirements around the collection, use and disclosure of children's personal information and give parents new tools and protections to help them control what data is provided to third parties about their children. Read more about the amendments to the COPPA Rule, which will soon be published in the Federal Register.
DORA Takes Effect: Key Next Steps for Firms
By Nathaniel Lalone and Ciara McBrien
After a two-year implementation period, the EU Digital Operational Resilience Act (DORA) takes effect on January 17. DORA is part of the European Union's Digital Finance Package and aims to strengthen the financial sector's ability to withstand and recover from operational disruption. Despite DORA coming into effect, many financial entities and information communication and technology (ICT) third-party service providers (TPPs) continue to work towards DORA compliance. Read more about the requirements that financial entities will need to comply with following January 17.
