On July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously adopted a comprehensive rulemaking package under the California Consumer Privacy Act (CCPA) that primarily addresses automated decisionmaking...more
7/31/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Employee Rights ,
Job Applicants ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology
Companies should brace for another surge in California Invasion of Privacy Act (CIPA) claims after two federal court decisions may encourage plaintiffs to file even more claims relating to website analytics tools. No industry...more
9/6/2024
/ Analytics ,
Appeals ,
California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
Class Action ,
Demand Letter ,
Invasion of Privacy ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Legislatures ,
Websites
Welcome to the latest edition of Updata!
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity...more
5/11/2023
/ Adequacy Requirement ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
China ,
Consent ,
Cookies ,
Cybersecurity ,
Czech Republic ,
Disclosure Requirements ,
EU ,
EU Data Protection Laws ,
Germany ,
International Data Transfers ,
Member State ,
New Guidance ,
New Legislation ,
NIST ,
Privacy Laws ,
Singapore ,
South Korea ,
State Privacy Laws ,
UK
On March 27, 2023, the California Privacy Protection Agency (CPPA) will close its second phase of rulemaking on automated decision-making (ADM) systems under the California Privacy Rights Act (CPRA)— but not before giving...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
3/3/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...more
2/10/2023
/ California Consumer Privacy Act (CCPA) ,
Data Security ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NAIC ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Rules ,
Working Groups
In a groundbreaking decision, the Federal Trade Commission (FTC) announced it was diagnosing GoodRx’s use of tracking pixel codes and analytics, its digital strategy, as not only an unfair or deceptive act or abusive practice...more
2/9/2023
/ Behavioral Advertising ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Data Breach ,
Data-Sharing ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internal Controls ,
Microsoft ,
Personal Information ,
Pharmacies ,
PHI ,
Sensitive Personal Information ,
Social Networks ,
UDAP ,
Unfair or Deceptive Trade Practices
Recently, US companies are experiencing a surging wave of consumer class action lawsuits alleging businesses and their software providers are violating state anti-wiretapping statutes and invading consumers’ privacy rights...more
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
7/15/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
Standard Contractual Clauses ,
State Privacy Laws ,
Statutory Violations
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the...more
3/11/2021
/ California Consumer Privacy Act (CCPA) ,
China ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Hong Kong Monetary Authority (HKMA) ,
Popular ,
Schrems I & Schrems II ,
State Privacy Laws ,
Surveillance ,
Virus Testing
On March 2, 2021, Governor Northam signed the Virginia Consumer Data Protection Act (CDPA or the Act) making it the country’s second comprehensive data privacy legislation following California’s Consumer Protection Act of...more
3/5/2021
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Governor Northam ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
State Data Privacy Laws
It was a tumultuous year for privacy and cybersecurity, and further uncertainty is all but guaranteed. The key to navigating this volatility, as 2020 proved, is to develop and maintain a proactive, agile and holistic data...more
2/10/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cryptocurrency ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
NAIC ,
Popular
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA), by approximately 56-44%. This act will amend and supersede the still recent California Consumer Privacy Act (CCPA), once...more
11/10/2020
/ Administrative Agencies ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Authority ,
Minors ,
New Legislation ,
Opt-Outs ,
Personal Information ,
Popular ,
Private Right of Action ,
Sensitive Personal Information
Hopes that privacy regulators and litigants would grant a reprieve to businesses during the COVID-19 pandemic may prove ill-founded. On July 21, 2020, the New York Department of Financial Services announced its first...more
On May 5, 2020, the NAIC’s Privacy Protections (D) Working Group met via conference call. The Working Group was formed on October 1, 2019, under the Market Regulation and Consumer Affairs (D) Committee on a referral from...more
In the scramble to come into compliance before the January 1, 2020 deadline, companies may have overlooked a key - and potentially costly - requirement in the California Attorney General draft regulations to the California...more
On February 10, 2020, the California Attorney General published revisions to the proposed regulations (Revised Regulations) to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and...more
With companies increasingly worried about what the California Attorney General, and private litigants, will do once the California Consumer Privacy Act comes into effect, they should not lose sight of what the Federal Trade...more
In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA) - and businesses are rushing to interpret and implement...more
11/18/2019
/ Amended Legislation ,
Anti-Discrimination Policies ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Deletion ,
Data Privacy ,
Data Security ,
E-Commerce ,
Fair Credit Reporting Act (FCRA) ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Amendments ,
State Data Breach Notification Statutes ,
Subject Access Request (SAR)
On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
State Attorneys General
While many breathed a sigh of relief when the California legislature provided only a limited private right of action for data breaches under its sweeping new privacy law - the California Consumer Privacy Act (CCPA) -...more
9/5/2019
/ Arbitration ,
California Consumer Privacy Act (CCPA) ,
Civil Code ,
Consumer Privacy Rights ,
Data Breach ,
Enforcement Authority ,
Federal Arbitration Act ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Risk Management ,
Statutory Damages ,
Unfair Competition Law (UCL)
While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind when it comes to enhanced privacy legislation....more
6/7/2019
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation
As this eventful year for new privacy and cybersecurity regulations winds down, multinational companies still need to look ahead to new regulations that will come online in 2019, including Vietnam’s Law on...more
12/5/2018
/ Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Corporate Counsel ,
Covered Entities ,
Cybersecurity ,
Foreign Corporations ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Pending Legislation ,
Personal Data ,
Popular ,
Vietnam