A federal court in Illinois has dismissed a class action suit filed under the Illinois Biometric Information Privacy Act (BIPA), finding that Hyundai did not “collect, capture, or otherwise obtain” biometric data by use of...more
In a significant win for the defense, a California federal judge denied class certification in a California Invasion of Privacy Act (CIPA) suit alleging that AddShoppers and Peet’s Coffee unlawfully tracked website visitors...more
7/2/2025
/ California ,
CIPA ,
Class Action ,
Class Certification ,
Cookies ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Litigation Strategies ,
Privacy Laws ,
Web Tracking ,
Websites
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more
On April 7, 2025, Arkansas passed the Arkansas Children and Teens’ Online Privacy Protection Act (HB 1717) - a state law modeled closely after the federal Children and Teens’ Online Privacy Protection Act (widely referred to...more
Kilpatrick’s John Brigagliano recently spoke at the Association of Corporate Counsel (ACC) DFW Annual In-House Symposium in Frisco, Texas. John spoke on the topic of “Privacy in a Flash: Keeping Up with Rapid Changes in State...more
The U.S. Department of Justice (DOJ) has issued a final rule that significantly restricts the transfer of bulk sensitive personal data and government-related data to certain foreign entities deemed countries of concern....more
Starting January 2025, five state privacy laws will take effect, providing consumer privacy rights to a new swath of individuals across the country. Delaware, Iowa, Nebraska, and New Hampshire’s laws will go into effect on...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
On May 16, 2024, the Illinois Legislature passed Senate Bill 2979 (SB2979), clarifying how damages are calculated under the Illinois Biometric Information Privacy Act (BIPA). 740 ILCS 14/1, et seq. This amendment confirms...more
On July 1, 2024, three more U.S. state privacy regulations will take effect. While these laws align with many of the principles established by other state privacy laws, they also introduce unique compliance requirements...more
The United States privacy landscape becomes more cluttered by the week. While most of the legal media is focusing on federal legislation coming out of Washington, the most significant privacy development in the United States...more
This year is proving to be just as an important year for privacy professionals as 2023. In our third installment of what privacy pros should know, we provide you with some highlights about the following important developments...more
The California Privacy Protection Agency (the “Agency”) may start enforcing privacy regulations according to a recent decision from the California Third District Court of Appeal. The privacy regulations at issue stem from the...more
On December 20, 2023, the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking (Proposed Rule) seeking to update the Children’s Online Privacy Protection Act (COPPA), which would place new restrictions on...more
You may be feeling overwhelmed with the thought of having to comply with yet another state privacy law. However, New Jersey’s privacy bill is chock-full of significant exemptions that may ease your organization’s compliance...more
The Colorado Department of Law has published its Universal Opt-Out Shortlist under the Colorado Privacy Act (“CPA”). This is eagerly awaited guidance for organizations who are subject to the CPA as the guidance provides...more
On December 19, 2023, Rite Aid Corporation (Rite Aid) agreed to settle Federal Trade Commission (FTC) charges that it failed to take reasonable measures to prevent harm to consumers from its use of facial recognition...more
The California Privacy Rights Act (“CPRA”), also known as Proposition 24, became effective on January 1, 2023. Rather than acting as a complete overhaul of the California Consumer Privacy Act (“CCPA”), the CPRA further...more
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most...more
In March of this year, we wrote about “secondary use” consent requirements under the CCPA and Colorado’s CPA. Since that post, the number of U.S. state privacy laws has roughly doubled. Determining consent requirements under...more
The pace of privacy developments in 2023 has been breathtaking. Since our recent alert regarding Iowa’s comprehensive data privacy law and Colorado’s finalized rules, there have been a number of key developments in data...more
Since 2021, the administrative code of the City of New York requires commercial establishments in New York City to post conspicuous signs by their entrances if these businesses are collecting customers’ biometric information...more
On March 28, 2023, Iowa became the sixth state to enact a comprehensive consumer privacy law. If the thought of having to comply with yet another state privacy law is causing a sense of panic, fret not. Iowa’s bill is largely...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more