Summary -
A class action lawsuit filed against OpenAI and its primary investor, Microsoft, seeks damages and injunctive relief for the alleged theft and commercial misappropriation of consumer personal data processed by and...more
With its draft rules, Colorado has set forth a new model for state privacy laws. While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as...more
The Third Circuit recently became the first federal appellate court to address the question of whether the victim of a data breach has Article III standing to bring a claim for damages based on the fear of identity theft...more
In a surprising development, the California Privacy Protection Agency (CPPA) published proposed amendments to the CCPA regulations recently. The proposed amendments were initially made public in a package of materials to be...more
Connecticut is the next in a growing list of states to pass comprehensive data privacy legislation. Last Friday, the Connecticut legislature passed, by large margins, Senate Bill 6 — which we are referring to as...more
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous standard contractual clauses were created...more
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand...more
On September 9, 2020, Washington Senator Reuven Carlyle, D-Seattle, announced via Twitter that the third version of the draft Washington Privacy Act 2021 (“WPA”) was available for public review and comment. The recently...more
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US),...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While businesses are busy finalizing CCPA preparations, a new privacy initiative in California called the California Privacy Rights Act (CPRA) may be headed to the November 2020 ballot....more
5/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
In light of COVID-19, many organizations are taking advantage of free video conferencing capabilities offered by Zoom. Almost overnight, Zoom has become one of the most popular video conferencing services among businesses and...more
The successful management of COVID-19 relies on the quick analysis and collection of health data, which can raise privacy issues particularly in the European Union. ...more
In the midst of a global pandemic, readers may have overlooked the recent issuance by the California Office of Attorney General (OAG) of a second set of modifications to the California Consumer Privacy Act (CCPA) regulations....more
3/18/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On Friday, February 7, 2020, the California Attorney General’s (AG) Office released modified regulations to the California Consumer Privacy Act (CCPA). The modified regulations incorporate amendments to the CCPA signed into...more
2/11/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Welcome to our latest edition of Retail Rap. From influencer marketing to launching a startup and ensuring digital advertising complies with the latest regulations, retail issues are making news—and presenting legal...more
11/21/2019
/ Advertising ,
Brand ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
Cybersecurity ,
Data Protection ,
Distributors ,
E-Commerce ,
Emerging Growth Companies ,
Entrepreneurs ,
Fashion Industry ,
Influencers ,
Internet Retailers ,
Manufacturers ,
Online Advertisements ,
Online Platforms ,
Personal Data ,
Retail Market ,
Retailers ,
Startups ,
Targeted Digital Advertising ,
Venture Capital ,
Web Tracking
For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or...more
10/22/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Request For Information ,
Rulemaking Process ,
State and Local Government ,
Two-Step Verification ,
Verification Requirements
To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal...more
10/18/2019
/ Attestation Requirements ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
The California Attorney General’s Office released its long-awaited proposed CCPA Regulations yesterday. The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including...more
10/11/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
On September 13, 2019—the last day of the legislative session—California lawmakers approved five amendments intended to clarify the scope of the California Consumer Privacy Act (the “CCPA”), but rejected several...more
9/17/2019
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines,...more
7/25/2019
/ Cambridge Analytica ,
Consent Order ,
Corporate Structures ,
Data Management ,
Data Privacy ,
Data Protection ,
Facebook ,
Federal Trade Commission (FTC) ,
FTC Act ,
Online Advertisements ,
Personal Data ,
Settlement Agreements ,
Social Media ,
Unfair or Deceptive Trade Practices
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
7/23/2019
/ Consumer Financial Protection Bureau (CFPB) ,
Credit Monitoring ,
Credit Reporting Agencies ,
Cyber Attacks ,
Data Breach ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Qualified Settlement Funds ,
Settlement Agreements ,
Vulnerability Assessments
New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead. New York was one of a number of states that proposed sweeping privacy legislation after the enactment of...more
7/19/2019
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Duty of Care ,
Duty of Loyalty ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
In April 2019, the California Assembly Privacy and Consumer Protection Committee rejected a proposal known commonly as the “Privacy for All Act” (AB-1760), which among other things would have provided a private right of...more
Following the speedy enactment of the California Consumer Privacy Act (CCPA or Act) in June 2018, business and consumer advocates alike have been pressuring California lawmakers to clarify the many ambiguities raised by the...more
5/16/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Exemptions ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures....more
3/8/2019
/ Cookie Banners ,
Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Violations ,
Transparency ,
Vulnerability Assessments