From the expansion of “general privacy” laws in US states and concerns over cross-border data transfers, to global focus on artificial intelligence, surveillance and dark patterns, 2023 was a busy year. Our privacy team...more
As we begin the new year, many are wondering whether the growing list of US state privacy laws apply to them, and if so, what steps they should take to address them. For companies that gather information from consumers,...more
The FTC is beginning 2024 with a bang. Just a few short days after announcing a settlement with lead-generation company Response Tree, the FTC has announced another decision. In this latest announcement, the FTC has described...more
In anticipation of July 1, 2024, requirements to allow consumers the ability to use “universal opt out mechanisms” in certain circumstances, Colorado has posted its “universal opt out shortlist.” The list is indeed short....more
Continuing its focus on potential dark patterns, the FTC has reached a settlement with the lead generation company Response Tree LLC and its president over allegations that the company ran sites that tricked people into...more
Both Texas and Oregon recently adopted rules that will, among other things, implement a registry required by both states’ data broker laws. The Texas law went into effect September 1, 2023, and the Oregon law will go into...more
12/27/2023
/ Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Sellers ,
New Legislation ,
Oregon ,
Privacy Laws ,
Registration Requirement ,
State and Local Government ,
State Privacy Laws
The CPPA, the California regulatory body charged with enforcing CCPA, recently released draft regulations for use of automated decisionmaking technology. The draft comes under the law’s requirements for the agency to issue...more
12/21/2023
/ Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Proposed Rules ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
The European Council recently approved a final version of the EU Data Act. The Act applies to manufacturers of connected devices. Among other things, it gives consumers certain rights about the information those devices...more
The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use...more
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular,...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
11/28/2023
/ CNIL ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Marketing ,
Personal Data ,
Privacy Laws ,
Regulatory Violations
The FTC’s second attempt to pursue the data broker, Kochava, continues to move forward. The amended complaint, which was just unsealed and thus available for the public to review, gives insight into the agency’s perspective...more
The FTC continues its focus and concern on use of technologies that integrate artificial intelligence, this time turning to potential consumer harm with voice cloning technology. Today the commission announced a challenge...more
The Massachusetts Gaming Commission approved data privacy regulations under the 2022 Massachusetts Sports Wagering Act earlier this fall. While directed to a narrow group of companies, the restrictions around use of...more
Beginning today, the UK adequacy decision for US data protection measures goes into effect. As a result, UK companies can transfer personal information to entities in the US that are participants in the EU-US Data Privacy...more
Among the various requirements under US state comprehensive privacy laws, those that relate to loyalty programs may be some of the most confusing. Only three states — California, Colorado and Florida — regulate these...more
The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those...more
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023, joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law...more
It’s been a busy summer for US state privacy laws, and companies now need to keep track of a growing list of requirements from these laws. These include many we have written about in the past, including notice, vendor...more
Now that the EU has adopted its adequacy decision for the EU-US Data Privacy Framework (DPF), many companies are assessing whether participation makes sense. Participation by a US entity is a mechanism -but not the only...more
Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will...more
X Corp., the company formerly known as Twitter, recently sued Bright Data over its site scraping activities. Bright Data is a data collection company and advertises—among other services—its “website scraping” solutions....more
As many who are keeping track of generative AI developments are aware, the FTC recently announced that it is investigating OpenAI’s ChatGPT product. For the privacy practitioner this investigation is important given that...more
Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more
The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in...more