On April 11, the Department of Justice issued an extensive set of FAQs on its Bulk Data Access Rule and advised that it “will not prioritize civil enforcement actions against any person for violations” of the Rule through...more
It’s been a week since the Trump administration fired FTC Commissioners Slaughter and Bedoya because their “continued service on the FTC is inconsistent with . . . administration priorities.” In the days since, we’ve been...more
On March 12, 2025, the California Privacy Protection Agency (CPPA) announced a settlement with American Honda Motor Co., resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and requiring...more
3/17/2025
/ Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Enforcement Actions ,
Honda ,
Personal Information ,
Statutory Violations
In recent months, the California Privacy Protection Agency (CPPA) has stepped firmly into a role as the nation’s leading data broker regulatory and enforcement agency....more
As its first policy initiative under Chair Andrew Ferguson, the FTC announced a Request for Information (RFI) “to better understand how technology platforms deny or degrade users’ access to services based on the content of...more
2/24/2025
/ Antitrust Provisions ,
Big Tech ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Online Platforms ,
Request For Information ,
Rulemaking Process ,
Section 5 ,
Social Media ,
Unfair or Deceptive Trade Practices
A New York health privacy law has moved quickly through both chambers of the state legislature and is up for review by Governor Kathy Hochul. The New York Health Information Privacy Act (“NYHIPA”) bears striking resemblance...more
Data brokers who are registering with the California Privacy Protection Agency (CPPA) this month should prepare to provide full metrics about their responses to privacy rights in calendar year 2023....more
The California Privacy Protection Agency’s (CPPA) new data broker regulations took effect on December 27, 2024. They are now in effect during the CPPA’s annual data broker registration period, which lasts from January 1 to...more
With the new year just around the corner and eight new privacy laws coming online next year, December is an excellent time for companies to assess their data collection and processing practices, and take stock of any changes...more
On November 8, the California Privacy Protection Agency (CPPA) voted 5-0 to approve new regulations to implement the DELETE Act of 2023. The most noteworthy development was the agency’s adoption of a new definition of...more
Join Kelley Drye privacy attorneys for an upcoming webinar, "Privacy and AI in the Trump 2.0 Era." This session will explore the potential shifts in privacy regulation and AI oversight with the new administration, including...more
The California Privacy Protection Agency (CPPA) has signaled it will advance rulemaking at its upcoming November 8 board meeting to place restrictions on the use of automated decision-making technology (ADMT) and impose new...more
On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
U.S. privacy developments are moving quickly, but health data privacy is racing forward. Companies that come into contact with consumers’ health data need to track and respond to a variety of developments. Most notably, these...more
New Jersey and New Hampshire are the first states out of the gate in what promises to be another busy year in state privacy legislation.
On January 16, New Jersey Governor Phil Murphy signed the New Jersey Data Privacy...more
While the California Privacy Protection Agency (CPPA) Board’s attention during its December 8 public meeting was mainly focused on preliminary draft regulations on automated decisionmaking technology (ADMT), risk assessments,...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
Two years ago this month, the state of Colorado joined California and Virginia in the passage of broad consumer protection legislation when the Colorado Privacy Act (CPA) was signed into law....more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
The FTC took unprecedented action yesterday when it moved to impose what it describes as a “blanket prohibition” preventing the company from monetizing young people’s data. The FTC contends that this prohibition is warranted...more
Absent a veto by Governor Jay Inslee, My Health My Data (MHMD) will become law and go into effect on March 31, 2024. While the 2023 state legislative season may see the addition of four comprehensive privacy laws (Iowa,...more
Indiana’s Consumer Data Protection Act advanced in the state legislature last week and now heads to Governor Eric J. Holcomb’s desk. The bill mirrors comprehensive privacy legislation enacted in Virginia, Utah, and Iowa,...more
If Iowa Governor Kim Reynolds signs Senate File (SF) 262, the Hawkeye State will become the sixth state to adopt a comprehensive consumer privacy law. Iowa’s House and Senate have both passed Senate File 262 unanimously. If...more
For the second time in as many months, the Federal Trade Commission (FTC) last week announced a settlement alleging that a company’s the use and disclosure of consumers’ health information for online advertising violated the...more
The Federal Communications Commission (“FCC” or “Commission”) is seeking comments on a Notice of Proposed Rulemaking (NPRM) to refresh its customer proprietary network information (“CPNI”) data breach reporting requirements...more