Starting January 2025, five state privacy laws will take effect, providing consumer privacy rights to a new swath of individuals across the country. Delaware, Iowa, Nebraska, and New Hampshire’s laws will go into effect on...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
On December 20, 2023, the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking (Proposed Rule) seeking to update the Children’s Online Privacy Protection Act (COPPA), which would place new restrictions on...more
The Colorado Department of Law has published its Universal Opt-Out Shortlist under the Colorado Privacy Act (“CPA”). This is eagerly awaited guidance for organizations who are subject to the CPA as the guidance provides...more
Generative artificial intelligence (“GenAI”) and GenAI tools like ChatGPT have a significant opportunity to revolutionize how many organizations do business. GenAI tools allow users to brainstorm ideas, quickly generate...more
In March of this year, we wrote about “secondary use” consent requirements under the CCPA and Colorado’s CPA. Since that post, the number of U.S. state privacy laws has roughly doubled. Determining consent requirements under...more
The pace of privacy developments in 2023 has been breathtaking. Since our recent alert regarding Iowa’s comprehensive data privacy law and Colorado’s finalized rules, there have been a number of key developments in data...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more
Website session replay technology continues to fuel class action litigation alleging violations of anti-wiretap laws in all-party consent states. In 2021, we issued an alert highlighting that session replay lawsuits were...more
We warned you last summer that California Consumer Privacy Act (“CCPA”) enforcement was heating up! The California Attorney General (“CAG”) announced a settlement with cosmetics retailer, Sephora. That, among other penalties,...more
In our second installment of what privacy professionals should know before they start the summer, we provide you with highlights from the draft regulations from the California Privacy Protection Agency (“CPPA”) and...more
Efforts to Delay the LGPD Fail -
As noted by our firm earlier this spring, Brazilian authorities have considered delaying the General Personal Data Protection Law’s (“Lei Geral de Proteção de Dados” or “LGPD”) effective...more
Any organization that relies on certification under the EU-U.S. Privacy Shield framework and/or entering into the Standard Contractual Clauses (“SCCs” or “Model Clauses”) to effectuate personal data transfers from the...more
7/22/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
Don’t worry about the new Nevada privacy law, SB 220 signed by the Governor last month, unless you’re selling personal information to a data broker, said no law firm whatsoever in its legal alert. At best they bury the lead,...more
After almost four years of the largest and most ambitious effort in history to transform a nation with technology, India is looking ahead to protecting the data that it is generating. ...more