Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The following is sufficient consent for the Video Privacy Protection Act and the California Invasion of Privacy Act, according to a recent decision in the U.S. District Court for the Northern District of California....more
If you are “tester” who actively seeks out privacy violations and files lawsuits to ensure legal compliance (as many class action lawsuit plaintiffs are), you do NOT have Article III standing to sue, according to a recent...more
4/8/2025
/ Article III ,
California ,
CIPA ,
Class Action ,
Data Collection ,
Invasion of Privacy ,
Motion to Dismiss ,
Privacy Laws ,
Privacy Policy ,
Standing ,
Websites
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
1/31/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
UK ,
UK GDPR
To paraphrase Animal Farm, all pixels are not created equal, but some pixels are more privacy invasive than others. Here are some recent points I made during a presentation to some of my firm’s litigators:...more
I recently sat down with the Restaurant Technology Network to discuss some of the many concerns people have regarding chatbots, and the legislation that governs them. Here are some of the key points we talked about:...more
What are we discussing with our clients who have children-facing products following some new/recent Federal Trade Commission enforcement actions? Here are some key takeaways:...more
There is no exemption for AI when it comes to consumer facing applications, the Federal Trade Commission recently stressed in a blog post. Key points:
•Quietly changing the terms of service agreements could be unfair or...more
U.S. Secretary of Transportation Pete Buttigieg recently announced the Department of Transportation (DOT) would undertake a privacy review of the nation’s ten largest airlines. Specifically, they will look at their policies...more
A cookie is not just a cookie, according to the European Data Protection Board. It’s also similar technologies, and access and Internet of Things (IOT). Here are some key takeaways you need to know from the EDPB’s draft...more
The California Privacy Protection Agency is currently in the middle of multiple, undisclosed investigations, according to the agency’s executive director, Ashkan Soltani....more
Providers in the mobility space take note. The Estonian Data Protection Inspectorate, Andmekaitse Inspektsioon, conducted a short term vehicle rental sweep that could be important in light of a declared connected vehicle...more
The New York State Senate is considering a bill that would restrict employers and employment agencies (collectively referred to as “employers”) from electronically monitoring New York employees or using automated employment...more
8/25/2023
/ Audits ,
Automated Decision Systems (ADS) ,
Bias ,
Data Collection ,
Data Retention ,
Data-Sharing ,
Employee Monitoring ,
Federal Trade Commission (FTC) ,
New York ,
State Attorneys General ,
Transparency
The Consumer Financial Protection Bureau (CFPB) on Tuesday said it intends to propose a rule that would apply the Fair Credit Reporting Act to data brokers and other companies that collect, resell, aggregate, and license...more
The Virginia legislature is considering looking at amending the state’s Consumer Data Protection Act to expand protections related to children’s data. Some key points in the bill:
•Child defined as under 18, not 13-...more
If your website, app or game targets kids (or sort of targets kids) and you haven’t been taking your obligations under the Children’s Online Privacy Protection Act of 1998 seriously, then maybe this will be the wake-up call...more
You need a data retention plan. No really.
And not just in the European Union. In California too.
Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more
What does the summary judgment granted to Linkedin in the famous Linkedin-HiQ Labs case teach us about data scraping in the US?
Here are some of my thoughts on what the U.S. District Court for the Northern District of...more
Federal Trade Commission Commissioner Alvaro Bedoya wants companies that collect location information to take a hard look at their practices and what they can do to better protect their users....more
“Businesses, service providers, and contractors are to comply with not just the letter of the (California Consumer Privacy Act), but the spirit of the law.”
That is according to a new Initial Statement of Reasons issued...more
6/9/2022
/ Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consent ,
Consumer Privacy Rights ,
Consumer Requests ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Opt-Outs ,
Third-Party Service Provider
California Attorney General Rob Bonta has issued statement about protecting health data in mobile apps in view of the upcoming SCOTUS decision in Dobbs. In the process, he also signaled continued enforcement....more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
What do obscenity and data minimization have in common?
As Justice Potter Stewart famously wrote in his concurring opinion to the U.S. Supreme Court’s decision in the 1964 free speech case Jacobellis v. Ohio, “I know it...more
4/29/2022
/ CafePress ,
California Privacy Rights Act (CPRA) ,
CCTV ,
CNIL ,
Data Collection ,
Data Deletion ,
Data Retention ,
Databases ,
DPA ,
Federal Trade Commission (FTC) ,
Pornography ,
Telehealth
The European Union is gearing up to regulate AI, but what is the U.S. doing?
•There are new Federal algorithmic transparency bills being filed:
•The Algorithmic Accountability Act of 2022, introduced by Senator Ron Wyden...more
The UK’s Information Commissioner’s Office (ICO) has issued guidance on pseudonymisation.
Here are some key points:
What is it?
At a basic level, pseudonymisation starts with a single input (the original data) and...more