Employers are increasingly monitoring and filtering the web browsing habits of employees.
The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
7/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Disclosure Requirements ,
Employee Rights ,
Employees ,
EU ,
Personal Data ,
Websites
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process.
In this three-part series, I will break down the regulations -
Part 1: The New Personal data:
• Scraping is carved...more
6/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Retention ,
New Jersey ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
State Privacy Laws
For the second installment of this series on the new California Consumer Privacy Act (CCPA) Regs, we are looking at consumer request processes.
One major eye opener: Tracker opt-outs must be immediate and you may not be...more
5/8/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Disclosure Requirements ,
New Regulations ,
Opt-Outs ,
Privacy Laws
New California Consumer Privacy Act (CCPA) Regs are here, with comments open until June 2.
There are a lot of issues to address, and a lot of work for companies to implement. We are talking about billions of dollars in...more
The following is sufficient consent for the Video Privacy Protection Act and the California Invasion of Privacy Act, according to a recent decision in the U.S. District Court for the Northern District of California....more
The Commission Nationale de l’Informatique et des Libertés in France recently took action against misleading cookie banners as subverting true consent. This is not a new issue, though, with the Federal Trade Commission, the...more
Here are eight recent developments in privacy law you should consider as you get ready for the holidays. Don’t Lie on Your AI -
•The U.S. Federal Trade Commission recently issued a new enforcement action on AI...more
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation: Employees are “consumers” under the California Consumer Privacy Act. It requires:...more
The Superior Court of California, County of Sacramento recently issued an order delaying the enforcement of newly enacted California Privacy Rights Act (CPRA) regulations until March 29, 2024, one year from the date they were...more
The California Privacy Protection Agency (CPPA) has issued a Final Statement of Reasons for amended California Consumer Privacy (CCPA) regulations.
Key Points:
The amendments were “necessary” (used 135 times), just...more
What do you need to know about the changes in the new, new, new, new, new CPRA Regs?
1.your good faith efforts to comply count-
2.data minimization (reasonably necessary and proportionate) for the win, in almost any...more
Yes, your privacy notice does need to be “that good.” If it isn’t, the California Attorney General’s Office might come knocking.
Here are some key points from the AG’s second year enforcement report:...more
“Businesses, service providers, and contractors are to comply with not just the letter of the (California Consumer Privacy Act), but the spirit of the law.”
That is according to a new Initial Statement of Reasons issued...more
6/9/2022
/ Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consent ,
Consumer Privacy Rights ,
Consumer Requests ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Opt-Outs ,
Third-Party Service Provider
During a recent webinar hosted by The Chicago Bar Association, some other panelists and I made some predictions about the future of data privacy.
What is on the horizon?...more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
Datatilsynet Norway has issued a helpful guide on the data protection aspects of employee monitoring, which are helpful for GDPR, but also for California employers with CPRA bringing employee rights into play in 2023....more
Your rights of access under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) include inferences derived from the your personal information, California Attorney General Rob Bonta said in...more
Many EU companies have their own ideas on what US Privacy laws mean for the, Here are three of the more common myths out there, busted.
Myth 1:
I don’t have physical presence in the US so the laws don’t apply to me....more
Maine is stepping into the privacy mix with a possible biometric law, and a possible CCPA-like law.
The biometric law, proposed by State Representative Maggie O’Neil, is generally similar to Illinois’ BIPA, even...more
The Commission Nationale de l’Informatique et des Libertés, the French Data Protection Agency, has issued a 150M Euro fine against Google and a 60M Euro fine against Facebook/Meta for cookie consent violations...more
U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.
Some of the bill’s key differentiators from CCPA, CDPA and CPA:...more
I had the pleasure of speaking during the Restaurant Technology Network Town Hall about a variety of privacy issues confronting restaurants and food delivery apps, including CCPA, CPRA, CDPA and CPA...more
What are practical lessons learned from the $85 million Zoom settlement?
•You can have big ticket enforcement dollars even without GDPR or CCPA.
•When you integrate a third party feature – including via a Software...more
Have you been leisurely following California Consumer Privacy Act (CCPA) litigation thinking, “That’s only for data breaches, not ‘soft’ violations.”
Think again...
...more
First we take Sacramento, then we take Berlin: How do US data protection laws affect how you do business.
The webinar is aimed at in-house or outside counsel, as well as data protection and compliance officers. In this...more
4/28/2021
/ Adtech ,
Analytics ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Chief Compliance Officers ,
Consumer Privacy Rights ,
Cookies ,
COPPA ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Sellers ,
Do Not Sell ,
E-Commerce ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multinationals ,
OEM ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
State Privacy Laws ,
Suppliers ,
Third-Party Service Provider ,
Webinars