Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act. “This law has now been in effect for two years,” Tong said in a...more
7/11/2025
/ Attorney General ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Fines ,
Penalties ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process.
In this three-part series, I will break down the regulations -
Part 1: The New Personal data:
• Scraping is carved...more
6/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Retention ,
New Jersey ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
State Privacy Laws
The Attorney Generals of California, Connecticut, Delaware, New Jersey, Oregon and Vermont wrote a letter June 23, 2025 to Senate Majority Leader John Thune and Senate Minority Leader Chuck Schumer, objecting to a proposed AI...more
6/25/2025
/ Algorithms ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Enforcement Actions ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws ,
Technology Sector
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney...more
6/18/2025
/ Algorithms ,
Biometric Information ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Duty of Care ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency ,
Unfair or Deceptive Trade Practices ,
Vermont
Businesses should expect to see “increased enforcement” from the California Privacy Protection Agency now that the agency has had four years to staff up and implement rules, the CPPA’s executive director said in an interview...more
6/9/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement ,
Enforcement Actions ,
Enforcement Priorities ,
New Regulations ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
For the second installment of this series on the new California Consumer Privacy Act (CCPA) Regs, we are looking at consumer request processes.
One major eye opener: Tracker opt-outs must be immediate and you may not be...more
5/8/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Disclosure Requirements ,
New Regulations ,
Opt-Outs ,
Privacy Laws
New California Consumer Privacy Act (CCPA) Regs are here, with comments open until June 2.
There are a lot of issues to address, and a lot of work for companies to implement. We are talking about billions of dollars in...more
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The following is sufficient consent for the Video Privacy Protection Act and the California Invasion of Privacy Act, according to a recent decision in the U.S. District Court for the Northern District of California....more
If you are “tester” who actively seeks out privacy violations and files lawsuits to ensure legal compliance (as many class action lawsuit plaintiffs are), you do NOT have Article III standing to sue, according to a recent...more
4/8/2025
/ Article III ,
California ,
CIPA ,
Class Action ,
Data Collection ,
Invasion of Privacy ,
Motion to Dismiss ,
Privacy Laws ,
Privacy Policy ,
Standing ,
Websites
The office of the Oregon Attorney General recently releases a six-month enforcement report regarding the Oregon’s Consumer Privacy Act (OCPA). What are we discussing with our clients?...more
3/12/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Nonprofits ,
Oregon ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
Is the EU AI Act a Jenga piece that can easily be removed from the regulatory tower? Here are some key points from the “AI Regulation – a critical comment” workshop at the Alpine Privacy Days Conference, courtesy of Florent...more
On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
2/18/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Hawaii ,
Information Security ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
1/31/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
UK ,
UK GDPR
The old saying goes, “Don’t mess with Texas.” The same can be said of the Texas Privacy Act. The Texas Department of Information Resources recently issued an implementation status for the act....more
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
The European Data Protection Board’s recent opinion on AI models can be useful in several ways. Last week, I covered EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
Here are eight recent developments in privacy law you should consider as you get ready for the holidays. Don’t Lie on Your AI -
•The U.S. Federal Trade Commission recently issued a new enforcement action on AI...more
To paraphrase Animal Farm, all pixels are not created equal, but some pixels are more privacy invasive than others. Here are some recent points I made during a presentation to some of my firm’s litigators:...more
The Office of the Australian Information Commissioner recently issued practical guidance on how to deploy tracking technologies (pixels) in a privacy compliant manner under the Australian Privacy Law....more
These are the top 10 things you need to know from from the world of privacy last month, as compiled by me.
•Texas means business when it comes to biometrics. The Texas Attorney General recently secured a $1.4 billion...more
8/5/2024
/ Biometric Information ,
CNIL ,
COPPA ,
Deep Fake ,
Department of Health and Human Services (HHS) ,
Facebook ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Latvia ,
Metaverse ,
Privacy Laws ,
State Attorneys General ,
Texas ,
Web Tracking ,
Websites
What are the top 5 data privacy concerns for my clients the past couple of months? Here are some notes I recently compiled for a meeting of Fox Rothschild’s national Privacy Law Practice Group.
Patchwork Paralysis -
•How...more
U.S. companies thinking about falling back on “disproportionate” effort for access requests under the new U.S. privacy laws because they require compiling too many documents should think again.
The Berlin Administrative...more
The state of Oregon has passed a comprehensive data protection law (SB0619), which will go into effect in July 2024. What do you need to know about SB0619, also known as the Oregon Consumer Privacy Act?...more
12/4/2023
/ Biometric Information ,
Data Controller ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws